Outdated jQuery Library Vulnerability in HCL BigFix SCM Reporting
CVE-2026-21821

8.3HIGH

Key Information:

Vendor: HCL Softwaresoftware
Status: Bigfix Scm Reporting
Vendor: CVE Published:; 13 May 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2026-21821?

The HCL BigFix SCM Reporting site is impacted by an outdated version of the jQuery 1.x library which has reached its end-of-life. This lack of support means that security vulnerabilities inherent in jQuery 1.x are no longer patched. Consequently, this exposes the application to potential client-side attacks, including but not limited to Cross-Site Scripting (XSS). Users may also face increased risks from third-party components that rely on this vulnerable library, necessitating urgent attention to mitigate possible security risks.

Affected Version(s)

BigFix SCM Reporting 11.0.5

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21821 Data

JSON