MEDIUM SeverityCVSS 4.05.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
CVE-2025-15633
Last updated May 09, 2026 · Published May 09, 2026
Description
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.
Affected products
1 listed- HCLSoftware:BigFix WebUI
Mappings
CWE
CWE-863
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms