Описание
Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass certificate validation mechanisms and provide arbitrary certificates that do not have proper signatures.
According to the CVSS metric, the attack vector is network (AV:N), privilege required is low (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?
A security feature bypass vulnerability exists when On-Prem Data Gateway does not perform certificate validation logic correctly and impacts the reliability of the backend infrastructure's workflow. An authenticated attacker with normal user privileges, via network connection or web request, could provide the workflow with an arbitrary untrusted certificate, with an arbitrary common name, which does not have proper signature.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8 High
CVSS3
Связанные уязвимости
Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability
Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability
Уязвимость локального шлюза данных Microsoft On-Premises Data Gateway, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти ограничения безопасности
EPSS
8 High
CVSS3