CVE-2026-21821

HIGH 8.3

HCL BigFix SCM Reporting is affected by vulnerabilities in jQuery

CVSS Score

8.3

EPSS Score

0.0%

EPSS Percentile

0th

The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side attacks such as Cross-Site Scripting (XSS) or manipulation through vulnerable third-party components.

CWE	CWE-1104
Vendor	hclsoftware
Product	bigfix scm reporting
Published	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for hclsoftware bigfix scm reporting

Be the first to know when new high vulnerabilities affecting hclsoftware bigfix scm reporting are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

HCLSoftware / BigFix SCM Reporting

11.0.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.hcl-software.com: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130744