Vulnerability Database

317,019

Total vulnerabilities in the database

CVE-2025-31962

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.

Published: Jan 7, 2026
Updated: Jan 8, 2026
CVE: CVE-2025-31962
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2
AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

CWEs:

CWE-613

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

No affected software listed.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo