exploitDog

CVE-2020-14254

Опубликовано: 16 дек. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 4.3

EPSS Низкий

Описание

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733
Patch
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*

Версия до 10.0.2 (включая)

EPSS

Процентиль: 36%

0.00151

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-wfwq-hhcq-h62r

github

больше 3 лет назад

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.

EPSS

Процентиль: 36%

0.00151

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-327