CVE-2021-36756
MEDIUMCFEngine 3.15.0-3.15.4 - Improper Certificate Validation
Title source: llmDescription
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://cfengine.com/downloads/cfengine-enterprise/
Patch, Vendor Advisory x_refsource_misc
https://cfengine.com/blog/2021/cve-2021-38379-and-cve-2021-36756/
Scores
CVSS v3
6.5
EPSS
0.0040
EPSS Percentile
32.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-295
Status
published
Products (1)
northern.tech/cfengine
3.15.0 - 3.15.4
Published
Oct 27, 2021
Tracked Since
Feb 18, 2026