Vulnerability Description
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HCLTech | BigFix WebUI API | < 33 |
| HCLTech | BigFix WebUI Application Administration | < 40 |
| HCLTech | BigFix WebUI CMEP | < 22 |
| HCLTech | BigFix WebUI Common | < 101 |
| HCLTech | BigFix WebUI Content App | < 28 |
| HCLTech | BigFix WebUI Custom | < 50 |
| HCLTech | BigFix WebUI Data Sync | < 37 |
| HCLTech | BigFix WebUI Extensions | < 14 |
| HCLTech | BigFix WebUI Framework | < 35 |
| HCLTech | BigFix WebUI Insights | < 32 |
| HCLTech | BigFix WebUI IVR | < 23 |
| HCLTech | BigFix WebUI MDM | < 29 |
| HCLTech | BigFix WebUI Patch | < 54 |
| HCLTech | BigFix WebUI Patch Policies | < 51 |
| HCLTech | BigFix WebUI Permissions And Preferences | < 27 |
| HCLTech | BigFix WebUI Profile Management | < 33 |
| HCLTech | BigFix WebUI Query | < 45 |
| HCLTech | BigFix WebUI Reports | < 24 |
| HCLTech | BigFix WebUI SCM | < 20 |
| HCLTech | BigFix WebUI Software Distribution | < 54 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-15634?
CVE-2025-15634 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized ...
How severe is CVE-2025-15634?
CVE-2025-15634 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-15634?
Check the references section above for vendor advisories and patch information. Affected products include: HCLTech BigFix WebUI API, HCLTech BigFix WebUI Application Administration, HCLTech BigFix WebUI CMEP, HCLTech BigFix WebUI Common, HCLTech BigFix WebUI Content App.