TLS-RSA Cipher Suites Vulnerability in HCL BigFix Compliance
CVE-2021-27756

7.5HIGH

Key Information:

Vendor

HCL Software
Status
"bigfix Compliance Server"
Vendor
CVE Published:
4 March 2022

What is CVE-2021-27756?

In HCL BigFix Compliance versions up to 2.0.5, TLS-RSA cipher suites remain enabled, posing a risk when TLS 2.0 and secure cipher configurations are not utilized. This vulnerability allows attackers to passively capture network traffic and potentially decrypt it later, compromising data confidentiality.

Affected Version(s)

"BigFix Compliance Server" "BigFix Compliance Server 2.0 - 2.0.5"

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.