PT-2026-37634 · Hcl · Bigfix Service Management
Published
2026-05-06
·
Updated
2026-05-06
·
CVE-2025-31978
CVSS v3.1
4.6
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
HCL BigFix Service Management (SM) (affected versions not specified)
Description
HCL BigFix Service Management (SM) fails to adequately sanitize or safely render spreadsheet files, specifically CSV, XLS, and XLSX formats, before they are processed or distributed. This allows an attacker to populate data fields that, when saved to a CSV file, may trigger information exfiltration or other malicious activities upon automatic execution by the spreadsheet software.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bigfix Service Management