HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.
                
History

Mon, 18 Aug 2025 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |

Sat, 16 Aug 2025 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Hcltech Hcltech bigfix Saas | |
| Vendors & Products | Hcltech Hcltech bigfix Saas | |

Fri, 15 Aug 2025 23:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning. | |
| Title | HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning | |
| Weaknesses | CWE-346 | |
| References |  | |
| Metrics | cvssV3_1 | |

MITRE

Status: PUBLISHED
Assigner: HCL
Published: 2025-08-15T22:45:55.628Z
Updated: 2025-08-18T19:00:48.752Z
Reserved: 2025-06-18T14:00:40.358Z
Link: CVE-2025-52621

Vulnrichment

Updated: 2025-08-18T13:38:24.685Z

NVD

Status: Awaiting Analysis
Published: 2025-08-15T23:15:26.670
Modified: 2025-08-18T20:16:28.750
Link: CVE-2025-52621

Redhat

No data.