HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability
Summary
| CVE | CVE-2024-30151 |
|---|---|
| State | PUBLISHED |
| Assigner | HCL |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-06 19:16:35 UTC |
| Updated | 2026-05-07 17:06:09 UTC |
| Description | HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications |
Risk And Classification
Primary CVSS: v3.1 8.3 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.000490000 probability, percentile 0.150940000 (date 2026-05-12)
Problem Types: CWE-532 | CWE-532 CWE-532 Insertion of sensitive information into log file
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
| 3.1 | CNA | CVSS | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
LowCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hcltech | Bigfix Service Management | 23.0 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | HCL | BigFix Service Management SM | affected 23 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.hcl-software.com/csm | [email protected] | support.hcl-software.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.