Detections
Analytics

HCL BigFix Server 11.0.x < 11.0.6 Insufficient Authentication (KB0129906)

low Nessus Plugin ID 305751

Language:

Synopsis

The remote host is affected by an insufficient authentication vulnerability.

Description

The version of HCL BigFix Server installed on the remote host is 11.0.x prior to 11.0.6. It is, therefore, affected by an insufficient authentication vulnerability:

 - HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication. (CVE-2026-21767)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade HCL BigFix Server based upon the guidance specified in KB0129906.

See Also

http://www.nessus.org/u?78670c7f

Plugin Details

Severity: Low

ID: 305751

File Name: hcl_bigfix_server_KB0129906.nasl

Version: 1.4

Type: Local

Agent: windows

Family: Misc.

Published: 4/9/2026

Updated: 4/17/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 1.7

Temporal Score: 1.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2026-21767

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_endpoint_manager, cpe:/a:ibm:endpoint_manager, cpe:/a:ibm:bigfix_platform, cpe:/a:hcltech:bigfix_platform

Required KB Items: SMB/Registry/Enumerated, installed_sw/HCL BigFix Server

Exploit Ease: No known exploits are available

Patch Publication Date: 4/1/2026

Vulnerability Publication Date: 4/1/2026

Reference Information

CVE: CVE-2026-21767

IAVA: 2026-A-0297