BigFix Remote Control 10.0 FP4 is available

Release Announcements Lifecycle (Release Announcements)
1

HCL Software is pleased to announce the availability of BigFix Remote Control version 10.0 FP4

Resolved Defect Articles:

  • KB0086512: Application Reset may cause a series of unnecessary LDAP Synchronizations.
  • KB0087383: Controller Install / Upgrade task may fail.
  • KB0086742: Remote Control upgrade installer cannot connect to the SQL database.
  • KB0088685: Missing signature for Windows On Demand target executable.

Security vulnerabilities addressed:
Remote Control Server and Broker components are affected by the following vulnerability (See KB0090435 for more details):
-CVE ID: CVE-2020-14277
Description: Weak TLS-RSA key exchange algorithm is enabled in BigFix Remote Control
CVSS v3 Score: 3.7

Remote Control Server and Controller components are affected by the following Java vulnerabilities (See KB0090438 for more details):
-CVEID: CVE-2020-27221
DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
Affected components: Server on Linux

-CVEID: CVE-2020-2773
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
Affected components: Server/Controller on Linux/Windows

-CVEID: CVE-2020-14782
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
Affected components: Server/Controller on Linux/Windows

-CVEID: CVE-2020-14797
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
Affected components: Server/Controller on Linux/Windows

Published site version:
Remote Control, site version 70 (Build Number 10.0.0.0410)

With kind regards,
The BigFix Remote Control Team