User Enumeration Vulnerability in HCL BigFix Platform
CVE-2026-21840

3.1LOW

Key Information:

Vendor
CVE Published:
14 July 2026

What is CVE-2026-21840?

The HCL BigFix Platform contains a user enumeration vulnerability that can be exploited by an attacker who closely monitors system control and response times. This could lead to revealing valid usernames, thereby compromising the service's security integrity. The risk arises from the potential for unauthorized users to identify legitimate accounts within the platform.

Affected Version(s)

HCL BigFix Platform 10.0.0 - 10.0.15, 11.0.0 - 11.0.5

References

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.