A Security Misconfiguration vulnerability affects HCL VersionVault Express
CVE-2021-27779

9.1CRITICAL

Key Information:

Vendor: Hcl Software
Status: Hcl Versionvault Express
Vendor: CVE Published:; 25 May 2022

Summary

VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.

Affected Version(s)

HCL VersionVault Express 2.0.x

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 25, 2022
Vulnerability Reserved
Feb 26, 2021

.