CVE-2026-21821

HCL BigFix SCM Reporting is affected by vulnerabilities in jQuery

CVSS 8.3 HIGH | EPSS 0.2% | CWE-1104
In short

HCL BigFix SCM Reporting uses an old, unsupported version of jQuery that no longer receives security updates. This exposes the application to known security flaws that attackers can exploit to steal data or take control of user sessions through the browser.

Technical detail

The application bundles jQuery 1.x, an end-of-life library with publicly disclosed vulnerabilities. Through this vulnerable third-party dependency, attackers can use client-side attack vectors such as XSS or DOM manipulation to compromise user browsers and access sensitive reporting data; the attack requires user interaction (e.g., clicking a malicious link).

Summary generated and translated by AI from the official description.

The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side attacks such as Cross-Site Scripting (XSS) or manipulation through vulnerable third-party components.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
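A dependency check for the weakness described above (CWE-1104, an unmaintained jQuery build), added here as an example and not part of the advisory or of any HCL tooling: it reads the version banner that jQuery builds emit at the top of the file, treats anything below 3.0 as end-of-life (the advisory's point about 1.x; 2.x reached end-of-life alongside it), and reports a finding per asset. The file paths and contents are constructed samples, not files from the product.

```python
import re
from typing import Dict, Optional, Tuple

# jQuery builds start with a banner such as
#   /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */
#   /*! jQuery JavaScript Library v1.7.1 ... */
# Older builds also assign the version string directly, e.g.  jquery: "1.7.1"
_BANNER = re.compile(r"jQuery(?: JavaScript Library)? v(\d+)\.(\d+)\.(\d+)")
_FN_VERSION = re.compile(r"""jquery\s*[:=]\s*["'](\d+)\.(\d+)\.(\d+)["']""", re.IGNORECASE)

# jQuery 1.x is end-of-life (the advisory's finding) and 2.x went EOL with it;
# anything below this floor is reported as an unmaintained component (CWE-1104).
SUPPORTED_FLOOR: Tuple[int, int, int] = (3, 0, 0)

def detect_jquery_version(js_source: str) -> Optional[Tuple[int, int, int]]:
    """Return the jQuery version embedded in a JS file, or None if the file is not jQuery."""
    for pattern in (_BANNER, _FN_VERSION):
        match = pattern.search(js_source)
        if match:
            major, minor, patch = (int(g) for g in match.groups())
            return (major, minor, patch)
    return None

def is_unmaintained(version: Tuple[int, int, int]) -> bool:
    """True when the version belongs to a jQuery line that no longer receives fixes."""
    return version < SUPPORTED_FLOOR

def audit(assets: Dict[str, str]) -> Dict[str, str]:
    """Map each jQuery asset path to a finding; non-jQuery assets are not reported."""
    findings: Dict[str, str] = {}
    for path, source in assets.items():
        version = detect_jquery_version(source)
        if version is None:
            continue
        label = ".".join(str(part) for part in version)
        status = "UNMAINTAINED (CWE-1104)" if is_unmaintained(version) else "supported line"
        findings[path] = f"jQuery {label}: {status}"
    return findings

# Constructed sample assets (hypothetical paths and contents, not real product files):
# an old 1.x build, a current 3.x build, and an unrelated script that must not be flagged.
SAMPLE_ASSETS: Dict[str, str] = {
    "static/js/jquery.js": "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */\n!function(a,b){}",
    "static/js/jquery-3.7.1.min.js": "/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */",
    "static/js/app.js": "window.App = { version: '1.0.0' };",
}

if __name__ == "__main__":
    for asset_path, finding in audit(SAMPLE_ASSETS).items():
        print(f"{asset_path}: {finding}")
```

Running the same check over the real static assets of a deployment (or over the output of `jQuery.fn.jquery` in the browser console) is the quickest way to confirm whether a patched build has actually been deployed.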
