PT-2021-21340 · Cfengine · Cfengine Enterprise

Published

2021-10-27

·

Updated

2024-06-27

·

CVE-2021-36756

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions CFEngine Enterprise versions 3.15.0 through 3.15.4
Description The issue concerns missing SSL certificate validation.
Recommendations For versions 3.15.0 through 3.15.4, update to a version that includes the fix for the missing SSL certificate validation issue.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2021-36756
OPENSUSE-SU-2024:11873-1
ROSA-SA-2024-2436

Affected Products

Cfengine Enterprise