CVE-2026-21840 PUBLISHED

HCL BigFix Platform is affected by a user enumeration vulnerability

Assigner: HCL
Reserved: 05.01.2026 Published: 14.07.2026 Updated: 15.07.2026

HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 3.1

Product Status

Vendor HCLSoftware
Product HCL BigFix Platform
Versions Default: unaffected
  • Version 10.0.0 - 10.0.15, 11.0.0 - 11.0.5 is affected

References

Problem Types

  • CWE-208 Observable timing discrepancy CWE