CVE-2026-21765— HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21765
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
Source: NVD (National Vulnerability Database)
Vulnerability Description
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键资源的不正确权限授予
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL BigFix Platform 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL BigFix Platform是印度HCL公司的一套端点安全管理平台。该平台支持自动发现、管理和修复端点安全问题。 HCL BigFix Platform存在安全漏洞,该漏洞源于私有加密密钥权限不安全,可能导致Windows主机上的私有加密密钥文件系统权限过于宽松。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HCLSoftware | BigFix Platform | 11.0.0 - 11.0.5 | - |
II. Public POCs for CVE-2026-21765
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-21765
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: BigFix Platform
- CVE-2026-21767
HCL BigFix Platform is affected by insufficient authenticati - CVE-2024-30117
HCL BigFix Platform is affected by a DLL Hijack vulnerabilit - CVE-2024-23556
HCL BigFix Platform is impacted by a failure to restrict SSL - CVE-2024-23554
HCL BigFix Platform is susceptible to Cross-Site Request For - CVE-2024-23583
HCL BigFix Platform is susceptible to insufficiently protect
Same vendor: HCLSoftware
- CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2025-31981
HCL BigFix Service Management (SM) Discovery is vulnerable t - CVE-2025-31958
HCL BigFix Service Management (SM) is susceptible to HTTP Re - CVE-2025-31991
HCL DevOps Velocity is susceptible to brute-force attacks
Same weakness: CWE-732
- CVE-2026-41288
WatchGuard Agent on Windows Privilege Escalation Vulnerabili - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-6499
ILM Informatique OpenConcerto 安全漏洞 - CVE-2026-41366
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLo - CVE-2026-35367
uutils coreutils nohup Information Disclosure via Insecure D
V. Comments for CVE-2026-21765
No comments yet