HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.
PUBLISHED5.2CWE-200
HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl
Problem type
Affected products
HCL Software
BigFix Service Management (SM)
23 - AFFECTED
References
support.hcl-software.com
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144
GitHub Security Advisories
GHSA-r7c2-39pq-6jh8
HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but...
https://github.com/advisories/GHSA-r7c2-39pq-6jh8HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-31982Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-31982",
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"dateUpdated": "2026-05-06T14:48:15.530Z",
"dateReserved": "2025-04-01T18:46:33.655Z",
"datePublished": "2026-05-06T13:46:05.065Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL",
"dateUpdated": "2026-05-06T13:46:05.065Z"
},
"datePublic": "2026-05-06T16:15:00.000Z",
"title": "HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl",
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<span> HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.</span>"
}
]
}
],
"affected": [
{
"vendor": "HCL Software",
"product": "BigFix Service Management (SM)",
"defaultStatus": "unaffected",
"versions": [
{
"version": "23",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-200: xposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW"
}
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-05-06T14:48:15.530Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}