Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753