exploitDog

CVE-2014-5321

Опубликовано: 22 сент. 2014

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319.

Ссылки

http://jvn.jp/en/jp/JVN85812843/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114
http://jvn.jp/en/jp/JVN85812843/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:filemaker:filemaker_pro:*:*:*:*:*:*:*:*

Версия до 12.0.0.0 (включая)

cpe:2.3:a:filemaker:filemaker_pro_advanced:*:*:*:*:*:*:*:*

Версия до 12.0.0.0 (включая)

EPSS

Процентиль: 34%

0.00137

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-xx56-69wp-9qc8

github

больше 3 лет назад

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319.

EPSS

Процентиль: 34%

0.00137

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-310