Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-1200

Опубликовано: 05 фев. 2019
Источник: nvd
CVSS3: 3.7
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:ibm:bigfix_compliance:*:*:*:*:*:*:*:*
Версия от 1.7 (включая) до 1.9.91 (включая)

EPSS

Процентиль: 24%
0.00082
Низкий

3.7 Low

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

github логотип

GHSA-67jr-4gph-p24h

CVSS3: 5.9
github
больше 3 лет назад

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.

EPSS

Процентиль: 24%
0.00082
Низкий

3.7 Low

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295