Description

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.

Related CPE's

a

hcltech

bigfix_insights_for_vulnerability_remediation

4.2

Vulnerable

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-613

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

2 · Low

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-07T12:17:01.720Z

5 days ago

Last modified

2026-01-12T18:22:21.657Z

6 hours ago