CVE-2020-14254

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.

Published: Dec 16, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-14254
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-327

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
hcltech / bigfix_platform	-	10.0.2.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733

Vulnerability Database

289,697

CVE-2020-14254