[BESAdmin-Announcements] BigFix Remote Control 10.0 FP4 is available

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Fri May 14 09:24:42 PDT 2021


HCL Software is pleased to announce the availability of BigFix Remote Control version 10.0 FP4.

**Resolved Defect Articles:**
- KB0086512: Application Reset may cause a series of unnecessary LDAP Synchronizations.
- KB0087383: Controller Install / Upgrade task may fail.
- KB0086742: Remote Control upgrade installer cannot connect to the SQL database.
- KB0088685: Missing signature for Windows On Demand target executable.

**Security vulnerabilities addressed:**
Remote Control Server and Broker components are affected by the following vulnerability (See KB0090435 for more details):
- CVE ID: CVE-2020-14277
  Description: Weak TLS-RSA key exchange algorithm is enabled in BigFix Remote Control
  CVSS v3 Score: 3.7

Remote Control Server and Controller components are affected by the following Java vulnerabilities (See KB0090438 for more details):
- CVE ID: CVE-2020-27221
  Description: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
  CVSS Base score: 9.8
  Affected components: Server on Linux

- CVE ID: CVE-2020-2773
  Description: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
  CVSS Base score: 3.7
  Affected components: Server/Controller on Linux/Windows

- CVE ID: CVE-2020-14782
  Description: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
  CVSS Base score: 3.7
  Affected components: Server/Controller on Linux/Windows

- CVE ID: CVE-2020-14797
  Description: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
  CVSS Base score: 3.7
  Affected components: Server/Controller on Linux/Windows


**Published site version:**
Remote Control, site version 70 (Build Number 10.0.0.0410)

With kind regards,
      The BigFix Remote Control Team


