Lucene search

HCLCVELIST:CVE-2021-27784

HistoryOct 31, 2022 - 10:05 p.m.

CVE-2021-27784 HCL Launch container images may contain non-unique https certificates and database encryption key

2022-10-3122:05:09

CWE-327

HCL

www.cve.org

hcl launch

container images

non-unique

https certificates

database encryption key

fix

directions

tools

standard installer packages

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

40.3%

JSON

The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.

CNA Affected

[
  {
    "vendor": "HCL Software",
    "product": "HCL Launch",
    "versions": [
      {
        "version": "7.0.0.0 - 7.0.52; 7.1.0.0 - 7.1.0.1.ifix01; 7.2.0.0 - 7.2.3.0",
        "status": "affected"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101093

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

40.3%

JSON

Related for CVELIST:CVE-2021-27784