CVE-2020-14254

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
HCLCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
hcltechbigfix_platform
𝑥
≤ 10.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085733