exploitDog

GHSA-6v2h-8mcr-85f2

Опубликовано: 27 авг. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 9.2

CVSS3: 8.1

Описание

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.

Ссылки

EPSS

Процентиль: 5%

0.00022

Низкий

9.2 Critical

CVSS4

8.1 High

CVSS3

CVE ID

Дефекты

CWE-494

Связанные уязвимости

CVE-2025-35115

CVSS3: 8.1

nvd

6 месяцев назад

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.

EPSS

Процентиль: 5%

0.00022

Низкий

9.2 Critical

CVSS4

8.1 High

CVSS3

CVE ID

Дефекты

CWE-494