PT-2022-9845 · IBM · BigFix Compliance
Published 2022-03-04 · Updated 2022-03-12 · CVE-2021-27756
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
BigFix Compliance versions up to 2.0.5
Description
BigFix Compliance fails to disable TLS-RSA cipher suites, whose static RSA key exchange provides no forward secrecy. If TLS 2.0 and secure ciphers are not enabled, an attacker who passively records traffic can decrypt it later.
Recommendations
For BigFix Compliance versions up to 2.0.5, enable TLS 2.0 and secure ciphers to prevent the exploitation of this issue. As a temporary workaround, consider disabling the use of TLS-RSA cipher suites until a patch is available. Restrict access to sensitive data transmitted over TLS to minimize the risk of exploitation.
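As an added illustration (not code from the advisory or from BigFix), the following Python flags the cipher suites with static RSA key exchange that the recommendation says to disable, and checks an OpenSSL cipher string for any such suites left enabled; the offered-suite list is a constructed sample.

```python
"""Flag TLS cipher suites with static RSA key exchange (no forward secrecy).
Added example for this advisory, not code from BigFix or the advisory author.
SAMPLE_OFFERED is a constructed suite list, not captured from a real server."""
import ssl

# Key-exchange tokens (between "TLS_" and "_WITH_" in an IANA suite name)
# that give forward secrecy: a fresh (EC)DH key per session.
EPHEMERAL_KX = {"ECDHE_RSA", "ECDHE_ECDSA", "DHE_RSA", "DHE_DSS", "DHE_PSK", "ECDHE_PSK"}


def lacks_forward_secrecy(iana_name: str) -> bool:
    """True if a later leak of the server's long-term private key would let
    recorded sessions be decrypted (the record-now, decrypt-later risk)."""
    if "_WITH_" not in iana_name:
        # TLS 1.3 suites (TLS_AES_128_GCM_SHA256, ...) name only the AEAD;
        # TLS 1.3 key exchange is always ephemeral.
        return False
    kx = iana_name.split("_WITH_")[0]
    kx = kx[4:] if kx.startswith("TLS_") else kx
    return kx not in EPHEMERAL_KX  # RSA, ECDH_RSA, ECDH_ECDSA, PSK, ...


def audit_offered_suites(suites):
    """Return the offered suites that the recommendation says to disable."""
    return [s for s in suites if lacks_forward_secrecy(s)]


def static_rsa_in_openssl_spec(spec: str):
    """Suites an OpenSSL cipher string enables with plain RSA key exchange,
    as judged by the local OpenSSL; [] means none are left in the spec."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return []  # spec matched no usable suite at all
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if c.get("kea") == "kx-rsa")


# Constructed sample of what a scanner might report a server offering.
SAMPLE_OFFERED = [
    "TLS_AES_256_GCM_SHA384",                 # TLS 1.3: keep
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # ephemeral: keep
    "TLS_RSA_WITH_AES_256_GCM_SHA384",        # static RSA: disable
    "TLS_RSA_WITH_AES_128_CBC_SHA",           # static RSA: disable
    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",   # static ECDH: disable
]
# Hardened OpenSSL cipher string: ephemeral key exchange only, kRSA excluded.
HARDENED_SPEC = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!kRSA"
```

Running `audit_offered_suites(SAMPLE_OFFERED)` lists the three static-key-exchange suites, and `static_rsa_in_openssl_spec(HARDENED_SPEC)` returns an empty list, confirming the hardened string enables no TLS-RSA suites.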
Weakness Enumeration
Use of a Broken Cryptographic Algorithm
Affected Products
BigFix Compliance