PT-2026-37636 · Hcl · Bigfix Service Management

Published

2026-05-06

Updated

2026-05-06

CVE-2025-31983

CVSS v3.1

4.6

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions HCL BigFix Service Management (SM) (affected versions not specified)

Description A security misconfiguration in the Content Security Policy (CSP) header allows attackers to inject malicious scripts. This increases the risk of cross-site scripting (XSS), which is a technique where malicious scripts are injected into trusted websites, and may lead to the exposure of sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-358

Related Identifiers

CVE-2025-31983

Affected Products

Bigfix Service Management

PT-2026-37636 · Hcl · Bigfix Service Management

CVE-2025-31983

Weakness Enumeration

Related Identifiers

Affected Products

References · 5