exploitDog

GHSA-hgqh-qj43-xfmf

Опубликовано: 31 янв. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.1

Описание

SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.

SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.

Ссылки

EPSS

Процентиль: 33%

0.00129

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-295

Связанные уязвимости

CVE-2023-50356

CVSS3: 6.5

nvd

около 2 лет назад

SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.

EPSS

Процентиль: 33%

0.00129

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-295