CVE-2021-27765: HCL BigFix Platform Server API is affected by Privilege Escalation Vulnerability
First published: Thu Apr 21 2022(Updated: )
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Bigfix Platform | >=9.5<=9.5.18 | |
| Hcltech Bigfix Platform | >=10<=10.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27765?
CVE-2021-27765 is a vulnerability in the BigFix Server API installer, created with InstallShield, which could allow a local user to perform a privilege escalation.
How does CVE-2021-27765 affect BigFix Platform?
CVE-2021-27765 affects BigFix Platform versions 9.5.0 to 9.5.18 and versions 10.0.0 to 10.0.5.
What is the severity level of CVE-2021-27765?
CVE-2021-27765 has a severity level of 7.8 (High).
How can I fix CVE-2021-27765?
To fix CVE-2021-27765, update to an InstallShield version with the underlying vulnerability fixed.
Where can I find more information about CVE-2021-27765?
You can find more information about CVE-2021-27765 at the following references: [link1], [link2].
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/hcltech
- canonical/hcltech bigfix platform
- version/hcltech bigfix platform/9.5
- version/hcltech bigfix platform/9.5.18
- version/hcltech bigfix platform/10
- version/hcltech bigfix platform/10.0.5