CVE-2021-27784 - Vulnerability Details - OpenCVE

The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hcltech	Hcl Launch Container Image

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:hcl_launch_container_image::::::::
	cpe:2.3:a:hcltech:hcl_launch_container_image::::::::
	cpe:2.3:a:hcltech:hcl_launch_container_image::::::::
	cpe:2.3:a:hcltech:hcl_launch_container_image:7.1.0.1:-::::::
	cpe:2.3:a:hcltech:hcl_launch_container_image:7.1.0.1:ifix01::::::

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101093

History

Fri, 02 May 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2022-10-31T22:05:09.914Z

Updated: 2025-05-02T17:39:05.435Z

Reserved: 2021-02-26T00:00:00.000Z

Link: CVE-2021-27784

Vulnrichment

Updated: 2024-08-03T21:33:15.655Z

NVD

Status : Modified

Published: 2022-10-31T22:15:12.563

Modified: 2024-11-21T05:58:33.613

Link: CVE-2021-27784

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-27784", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "assignerShortName": "HCL", "datePublished": "2022-10-31T22:05:09.914Z", "dateUpdated": "2025-05-02T17:39:05.435Z", "dateReserved": "2021-02-26T00:00:00.000Z"}, "containers": {"cna": {"title": "HCL Launch container images may contain non-unique https certificates and database encryption key", "datePublic": "2022-10-19T00:00:00.000Z", "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2022-10-31T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages."}], "affected": [{"vendor": "HCL Software", "product": "HCL Launch", "versions": [{"version": "7.0.0.0 - 7.0.52; 7.1.0.0 - 7.1.0.1.ifix01; 7.2.0.0 - 7.2.3.0", "status": "affected"}]}], "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101093"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "cweId": "CWE-327"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:15.655Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101093", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-02T17:38:51.543908Z", "id": "CVE-2021-27784", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T17:39:05.435Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101093", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:15.655Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-27784", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-02T17:38:51.543908Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T17:38:57.546Z"}}], "cna": {"title": "HCL Launch container images may contain non-unique https certificates and database encryption key", "source": {"discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "HCL Software", "product": "HCL Launch", "versions": [{"status": "affected", "version": "7.0.0.0 - 7.0.52; 7.1.0.0 - 7.1.0.1.ifix01; 7.2.0.0 - 7.2.3.0"}]}], "datePublic": "2022-10-19T00:00:00.000Z", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101093"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2022-10-31T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2021-27784", "state": "PUBLISHED", "dateUpdated": "2025-05-02T17:39:05.435Z", "dateReserved": "2021-02-26T00:00:00.000Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2022-10-31T22:05:09.914Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:hcl_launch_container_image:*:*:*:*:*:*:*:*", "matchCriteriaId": "D89713FC-E391-44F9-8A89-6466F9C47F0E", "versionEndIncluding": "7.0.52", "versionStartIncluding": "7.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_launch_container_image:*:*:*:*:*:*:*:*", "matchCriteriaId": "368A31E7-06F9-48BD-91F7-DF6E83A0CA2F", "versionEndExcluding": "7.1.0.1", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_launch_container_image:*:*:*:*:*:*:*:*", "matchCriteriaId": "91EF4F21-15CF-469C-9DA3-995F59BE8244", "versionEndIncluding": "7.2.3.0", "versionStartIncluding": "7.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_launch_container_image:7.1.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "4A38F863-2A52-48A4-AD62-1CB2CF41877F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_launch_container_image:7.1.0.1:ifix01:*:*:*:*:*:*", "matchCriteriaId": "510F07AB-AF74-491E-91EC-F1D29E7B509B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages."}, {"lang": "es", "value": "Las im\u00e1genes de HCL Launch Container proporcionadas contienen certificados HTTPS no \u00fanicos y una clave de cifrado de base de datos. La soluci\u00f3n proporciona instrucciones y herramientas para reemplazar las claves y certificados no \u00fanicos. Esto no afecta a los paquetes de instalaci\u00f3n est\u00e1ndar.\n"}], "id": "CVE-2021-27784", "lastModified": "2024-11-21T05:58:33.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-31T22:15:12.563", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101093"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101093"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "psirt@hcl.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}