CVE-2026-21821— HCL BigFix SCM Reporting is affected by vulnerabilities in jQuery
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1189 · Drive-by CompromiseAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HCLSoftware | BigFix SCM Reporting | 11.0.5 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21821
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL BigFix SCM Reporting is affected by vulnerabilities in jQuery
Source: NVD (National Vulnerability Database)
Vulnerability Description
The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side attacks such as Cross-Site Scripting (XSS) or manipulation through vulnerable third-party components.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用未维护的第三方组件
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL BigFix SCM Reporting 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL BigFix SCM Reporting是印度HCL公司的一个安全配置管理报表组件。 HCL BigFix SCM Reporting存在安全漏洞,该漏洞源于包含已过时且不受支持的jQuery 1.x库,可能增加客户端攻击风险,如跨站脚本攻击或通过易受攻击的第三方组件进行操纵。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HCLSoftware | BigFix SCM Reporting | 11.0.5 | - |
II. Public POCs for CVE-2026-21821
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-21821
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: HCLSoftware
- CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2025-31981
HCL BigFix Service Management (SM) Discovery is vulnerable t - CVE-2025-31958
HCL BigFix Service Management (SM) is susceptible to HTTP Re - CVE-2025-31991
HCL DevOps Velocity is susceptible to brute-force attacks
Same weakness: CWE-1104
- CVE-2026-41468
Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Tem - CVE-2025-55277
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdate - CVE-2025-12104
Incorrect Content-Type Header - CVE-2025-52658
HCL MyXalytics is affected by the use of vulnerable/outdated - CVE-2025-34192
Vasion Print (formerly PrinterLogic) Usage of Outdated and U
V. Comments for CVE-2026-21821
No comments yet