CVE-2025-31957
MEDIUM WAF: Low
CVSS 5.7
Published: 2026-05-06
CWE-352
HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data.
WAF Coverage Analysis
Cross-Site Request Forgery (CSRF)
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hcltech | bigfix_service_management | 23.0 |
References
- support.hcl-software.com (Vendor Advisory)