Cfengine
CVE-2021-36756
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
AnalysisAI
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-295. CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. Affected products include: Northern.Tech Cfengine. Version information: through 3.15.4.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is
Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. Rated high severity (CVSS 7.5), this vulnerability
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. Ra
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today