
CVE-2024-23551 – HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint
https://notcve.org/view.php?id=CVE-2024-23551
07 May 2024 — Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963 • CWE-522: Insufficiently Protected Credentials

CVE-2021-27756
https://notcve.org/view.php?id=CVE-2021-27756
04 Mar 2022 — "TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it." • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096977 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm