What is CVE-2020-14254?

CVE-2020-14254 is a high-severity vulnerability in Hcltech Bigfix_platform, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 7.5/10. Published 2020-12-16.

How severe is CVE-2020-14254?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Hcltech Bigfix_platform

CVE-2020-14254

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.006 (45.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Hcltech Bigfix_platform
N/a Hcl Bigfix Inventory — versions v9.x, v10.x

Weakness classification (CWE)

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

References

psirt@hcl.com (Patch, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-14254?: CVE-2020-14254 is a high-severity vulnerability in Hcltech Bigfix_platform, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 7.5/10. Published 2020-12-16.
How severe is CVE-2020-14254?: High severity. CVSS v3 base score is 7.5 out of 10.