CVE-2021-27756

HIGH

BigFix Compliance <v2.0.5 - Info Disclosure

Description

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."

Scores

CVSS v3 7.5
EPSS 0.0014
EPSS Percentile 33.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-327
Status published
Products (1)
hcltech/bigfix_compliance 2.0 - 2.0.6
Published Mar 04, 2022
Tracked Since Feb 18, 2026