These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-15634 describes a missing authorization flaw in HCL BigFix WebUI. An authenticated user without the proper permissions may be able to reach an unauthorized page directly by URL and view sensitive environmental information. The issue is rated medium severity and maps to CWE-862 (missing authorization).
CVE-2025-15633 is an improper authorization issue in HCL BigFix WebUI. According to the CVE description and HCL reference, an authenticated user without Master Operator privileges may access internal data such as site names, versions, and configuration variables through unprotected endpoints, bypassing intended privilege checks. The CVSS score is 5.3 (Medium).