CVE-2021-27761 : Weak web transport security (Weak TLS): An attacker may be able to decrypt the d

Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks

Published 2022-05-06 18:15:09

Updated 2022-05-18 13:19:15

Source HCL Software

View at NVD, CVE.org

Products affected by CVE-2021-27761

Hcltech » Bigfix Platform
Versions from including (>=) 10.0 and before (<) 10.0.6
cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
Matching versions
Hcltech » Bigfix Platform
Versions from including (>=) 9.5 and before (<) 9.5.19
cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N	2.2	2.5	HCL Software
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Assigned by: nvd@nist.gov (Primary)

Jump to