HCL BigFix: Security issues with SAML authentication

HCL's endpoint management platform BigFix is vulnerable. The developers have now closed a critical security vulnerability.



HCL BigFix is vulnerable in the context of SAML authentication. There is now a security patch.

In a security advisory, the HCL developers state that the "critical" web UI vulnerability (CVE-2025-54419) carries the highest possible CVSS score of 10 out of 10. The vulnerability affects the Node-SAML component, and attackers can manipulate login credentials.

The advisory's description does not make entirely clear what attackers can do after a successful attack. Given the critical rating, it is plausible that they would gain extensive system access.


The developers state that they have closed the vulnerability in HCL BigFix 5.1.0. Whether the vulnerability is already being exploited is currently unknown.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.