CVE-2026-21840

Summary

HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service.

Affected Software

VendorProductVersion RangeStatus
HCLSoftwareHCL BigFix Platform10.0.0 - 10.0.15, 11.0.0 - 11.0.5affected

Weaknesses

  • CWE-208: CWE-208 Observable timing discrepancy

References