Medium severity4.3NVD Advisory· Published May 9, 2026· Updated May 14, 2026
CVE-2025-15634
CVE-2025-15634
Description
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.
Affected products
22cpe:2.3:a:hcltech:bigfix_webui_api:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hcltech:bigfix_webui_api:*:*:*:*:*:*:*:*range: <33
- cpe:2.3:a:hcltech:bigfix_webui_content_app:*:*:*:*:*:*:*:*range: <28
- cpe:2.3:a:hcltech:bigfix_webui_application_administration:*:*:*:*:*:*:*:*Range: <40
cpe:2.3:a:hcltech:bigfix_webui_cmep:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hcltech:bigfix_webui_cmep:*:*:*:*:*:*:*:*range: <22
- cpe:2.3:a:hcltech:bigfix_webui_custom:*:*:*:*:*:*:*:*range: <50
cpe:2.3:a:hcltech:bigfix_webui_ivr:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hcltech:bigfix_webui_ivr:*:*:*:*:*:*:*:*range: <23
- (no CPE)
cpe:2.3:a:hcltech:bigfix_webui_patch:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hcltech:bigfix_webui_patch:*:*:*:*:*:*:*:*range: <54
- cpe:2.3:a:hcltech:bigfix_webui_patch_policies:*:*:*:*:*:*:*:*range: <51
- cpe:2.3:a:hcltech:bigfix_webui_permissions_and_preferences:*:*:*:*:*:*:*:*Range: <27
- cpe:2.3:a:hcltech:bigfix_webui_profile_management:*:*:*:*:*:*:*:*Range: <33
cpe:2.3:a:hcltech:bigfix_webui_query:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hcltech:bigfix_webui_query:*:*:*:*:*:*:*:*range: <45
- cpe:2.3:a:hcltech:bigfix_webui_scm:*:*:*:*:*:*:*:*range: <20
- cpe:2.3:a:hcltech:bigfix_webui_software_distribution:*:*:*:*:*:*:*:*Range: <54
- cpe:2.3:a:hcltech:bigfix_webui_take_action:*:*:*:*:*:*:*:*Range: <37
Patches
Vulnerability mechanics
References
1- support.hcl-software.com/csmnvdVendor Advisory
News mentions
0No linked articles in our index yet.