Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-27756
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL BigFix Compliance 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL BigFix Compliance是印度HCL公司的持续监控和应用终端安全设置,以确保符合法规或组织安全策略。 HCL BigFix Compliance 版本2.0.5之前版本存在加密问题漏洞,该漏洞源于TLS-RSA密码套件在BigFix Compliance版本2.0.5之前没有被禁用。如果没有启用TLS 2.0和安全密码,攻击者利用该漏洞就可以被动地记录流量,然后再解密。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-"BigFix Compliance Server" "BigFix Compliance Server 2.0 - 2.0.5" -
II. Public POCs for CVE-2021-27756
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-27756
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: n/a
V. Comments for CVE-2021-27756

No comments yet

Leave a comment