Bigfix Ivr
Approved changes feed: RSS · Atom
cpe:2.3:a:hclsoftware:bigfix_ivr:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Hclsoftware (06fdb6ce-b596-52c8-8d32-13dd34a56cea) |
|---|---|
| Product | Bigfix Ivr (9ba8b59a-aa47-5f2a-b91d-059fc679c5d1) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-31964 |
vulnerable | 2026-06-03 15:00:39.731257 |
HCL BigFix IVR is impacted by an improper service binding configuration
LOW (2.2)
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.
Published: 2026-01-07T07:18:27.569Z
Updated: 2026-01-07T16:12:56.931Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-31963 |
vulnerable | 2026-06-03 15:00:39.730959 |
HCL BigFix IVR is impacted by improper authentication and missing CSRF protection
LOW (2.9)
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.
Published: 2026-01-07T07:05:40.098Z
Updated: 2026-01-07T16:13:25.789Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-31962 |
vulnerable | 2026-06-03 15:00:39.728226 |
HCL BigFix IVR is impacted by an insufficient session expiration vulnerability
LOW (2)
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.
Published: 2026-01-07T06:48:19.946Z
Updated: 2026-01-07T16:13:31.105Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.