TLS-RSA Cipher Suites Vulnerability in HCL BigFix Compliance
CVE-2021-27756

7.5 HIGH

Key Information:

Vendor
CVE Published: 4 March 2022

Summary

In HCL BigFix Compliance versions up to 2.0.5, TLS-RSA cipher suites are not disabled, which poses a risk when TLS 2.0 and secure ciphers are not enabled. TLS-RSA key exchange provides no forward secrecy, so an attacker can passively record network traffic and potentially decrypt it later, for example if the server's RSA private key is obtained, compromising data confidentiality.

Affected Version(s)

BigFix Compliance Server: 2.0 - 2.0.5

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
