{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-31977","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2025-04-01T18:46:26.620Z","datePublished":"2025-08-28T17:00:13.558Z","dateUpdated":"2025-08-28T17:14:21.168Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"BigFix Service Management (SM)","vendor":"HCL Software","versions":[{"status":"affected","version":"23","versionType":"Framework"}]}],"datePublic":"2025-08-28T16:46:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"HCL BigFix SM is affected by a cryptographic weakness due to weak or outdated encryption algorithms.&nbsp; An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions."}],"value":"HCL BigFix SM is affected by a cryptographic weakness due to weak or outdated encryption algorithms.  \nAn attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-311","description":"CWE-311 Missing Encryption of Sensitive Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2025-08-28T17:00:13.558Z"},"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123631"}],"source":{"discovery":"INTERNAL"},"title":"A cryptographic weakness has been identified in the HCL BigFix Service Management (SM)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-28T17:14:16.959056Z","id":"CVE-2025-31977","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-28T17:14:21.168Z"}}]}}