{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21767", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2026-01-05T16:07:58.367Z", "datePublished": "2026-04-01T23:47:39.363Z", "dateUpdated": "2026-04-02T18:22:19.150Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-04-01T23:47:39.363Z"}, "title": "HCL BigFix Platform is affected by\u00a0insufficient authentication", "datePublic": "2026-04-01T23:35:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function", "type": "CWE"}]}], "affected": [{"vendor": "HCLSoftware", "product": "BigFix Platform", "versions": [{"status": "affected", "version": "11.0.0 - 11.0.5"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL BigFix Platform is affected by\u00a0insufficient authentication.\u00a0 The application might allow users to access sensitive areas of the application without proper authentication.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL BigFix Platform is affected by<strong>&nbsp;</strong>insufficient authentication.&nbsp; The application might allow users to access sensitive areas of the application without proper authentication."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:21:56.731436Z", "id": "CVE-2026-21767", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:22:19.150Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21767", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2026-01-05T16:07:58.367Z", "datePublished": "2026-04-01T23:47:39.363Z", "dateUpdated": "2026-04-02T18:22:19.150Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-04-01T23:47:39.363Z"}, "title": "HCL BigFix Platform is affected by\u00a0insufficient authentication", "datePublic": "2026-04-01T23:35:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function", "type": "CWE"}]}], "affected": [{"vendor": "HCLSoftware", "product": "BigFix Platform", "versions": [{"status": "affected", "version": "11.0.0 - 11.0.5"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL BigFix Platform is affected by\u00a0insufficient authentication.\u00a0 The application might allow users to access sensitive areas of the application without proper authentication.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL BigFix Platform is affected by<strong>&nbsp;</strong>insufficient authentication.&nbsp; The application might allow users to access sensitive areas of the application without proper authentication."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21767", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T18:21:56.731436Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:22:11.303Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HCL BigFix Platform is affected by\u00a0insufficient authentication.\u00a0 The application might allow users to access sensitive areas of the application without proper authentication."}], "id": "CVE-2026-21767", "lastModified": "2026-04-02T00:16:24.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2026-04-02T00:16:24.147", "references": [{"source": "psirt@hcl.com", "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.0.0,11.0.5]"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "BigFix Platform", "source": "cna", "vendor": "HCLSoftware"}, "product": "bigfix_platform", "vendor": "hcltech"}], "analysis": {"en": {"generated_at": "2026-04-02T02:05:33.631839+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011published patch or update for HCL BigFix Platform as soon as it becomes available.", "Verify that the authentication mechanism is enforced for all sensitive application areas after patching.", "Review user roles and permissions to ensure least\u2011privilege access is maintained for all accounts.", "Consult the vendor\u2019s advisory (e.g., https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906) for any additional configuration guidance or temporary mitigations."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "The affected product is the HCLSoftware BigFix Platform. No specific versions were listed in the data; the vulnerability is reported as a general issue affecting the platform in its current deployments until corrected by a vendor update.", "description_and_impact": "HCL BigFix Platform is affected by insufficient authentication, allowing users to reach sensitive areas of the application without proper credentials. The flaw enables unauthorized disclosure, modification, or impersonation of privileged data or functions, representing an authentication bypass weakness (CWE-306).", "risk_and_exploitability": "The CVSS score of 4.0 indicates a moderate risk. While the exploitability score (EPSS) is not available, the weakness implies that an attacker can misuse web interfaces or internal application calls to impersonate users, as inferred from the description. The vulnerability is not listed in CISA\u2019s KEV catalog, but because it permits unauthorized access, it should be considered a medium to high priority by security teams."}}}}, "created": "2026-04-02T07:46:53.326354+00:00", "updated": "2026-04-02T20:15:53.052162+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$bigfix_platform"]}