CVE-2021-27756
First published: Fri Mar 04 2022(Updated: )
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Bigfix Compliance | >=2.0<2.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-27756?
CVE-2021-27756 refers to a vulnerability in BigFix Compliance up to v2.0.5 where TLS-RSA cipher suites are not disabled, allowing an attacker to passively record traffic and later decrypt it if TLS 2.0 and secure ciphers are not enabled.
How does CVE-2021-27756 affect BigFix Compliance?
CVE-2021-27756 affects BigFix Compliance up to v2.0.5 by not disabling TLS-RSA cipher suites, which can lead to the potential decryption of recorded traffic.
What is the severity of CVE-2021-27756?
CVE-2021-27756 has a severity rating of 7.5 (high).
How do I fix CVE-2021-27756?
To fix CVE-2021-27756, update BigFix Compliance to version 2.0.6 or above and enable TLS 2.0 and secure ciphers.
Where can I find more information about CVE-2021-27756?
You can find more information about CVE-2021-27756 at the following link: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096977
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hcltech
- canonical/hcltech bigfix compliance
- version/hcltech bigfix compliance/2.0