Version 9.5-9.5.18, 10-10.0.5

CVE-2021-27767

The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

MEDIUM CVSS 6.7 Published May 06, 2022

CVE-2021-27766

The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

MEDIUM CVSS 6.7 Published May 06, 2022

CVE-2021-27765

The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

MEDIUM CVSS 6.7 Published May 06, 2022

CVE-2021-27762

Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses

MEDIUM CVSS 4.7 Published May 06, 2022

CVE-2021-27761

Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks

MEDIUM CVSS 4.8 Published May 06, 2022