HCL Software is pleased to announce the availability of BigFix Remote Control version 10.1 FP3
Fixed vulnerabilities
HCL BigFix Remote Control version 10.1.0 FP2 and before are affected by the following security vulnerabilities:
-
CVE-2025-31965: Standard users could view some Admin pages into the Server.
Affected components: Remote Control Server. -
CVE-2024-13176: Timing side-channel in ECDSA signature computation (OpenSSL).
Affected components: Remote Control Target, Remote Control Broker, Remote Control Gateway.
Important Notice: AES 256 cryptographic algorithm enabled by default
With the new version of IBM WAS Liberty, AES 256 is now the default cryptographic algorithm, replacing AES 128 for stronger security.
To ensure seamless operation and leverage this enhanced encryption, we highly recommend you regenerate your SAML Metadata.
If FIPS is enabled, this step is mandatory. You must regenerate your SAML Metadata to encrypt passwords with AES 256, as AES 128 encrypted passwords are no longer supported.
You can regenerate the SAML Metadata during the Remote Control Server upgrade procedure by selecting the appropriate flag. After regenerating the metadata, please remember to re-register with your Identity Provider.
Resolved Defect Articles:
-
KB0119265: Remote control access shows a gray screen when connecting
-
KB0119643: Broker crash issue
-
KB0121115: Self-signed error for Root certificate with Reverse Proxy enabled on the Broker
-
KB0120278: Login disclaimer of the RC Server allows to bypass
-
KB0122763: Increased CPU usage of the RC Server with duplicate GUIDs of Unattended Targets
Published site version:
Remote Control, site version 80 (Build Number 10.1.0.0326)
With kind regards,
The BigFix Remote Control Team