CVE-2025-31962

LOW

2.0

Description

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.

Details CVE

Score CVSS v3.12.0

SeveriteLOW

Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteHIGH

Privileges requisHIGH

Interaction utilisateurREQUIRED

Publie1/7/2026

Derniere modification1/12/2026

Sourcenvd

Observations honeypot0

Produits affectes

hcltech:bigfix_insights_for_vulnerability_remediation

Faiblesses (CWE)

CWE-613

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753(psirt@hcl.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.