Bigfix Insights CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-31962	1 Hcltech	1 Bigfix Insights For Vulnerability Remediation	2026-01-12	2 Low
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.
CVE-2025-31963	1 Hcltech	1 Bigfix Insights For Vulnerability Remediation	2026-01-08	2.9 Low
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.
CVE-2025-31964	1 Hcltech	1 Bigfix Insights For Vulnerability Remediation	2026-01-08	2.2 Low
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.
CVE-2022-44758	1 Hcltech	1 Bigfix Insights For Vulnerability Remediation	2024-11-21	6.5 Medium
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.
CVE-2022-44757	1 Hcltech	1 Bigfix Insights For Vulnerability Remediation	2024-11-21	6.5 Medium
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.
CVE-2021-27757	1 Hcltech	1 Bigfix Insights	2024-11-21	7.5 High
" Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information."

Page 1 of 1.