exploitDog

CVE-2019-6266

Опубликовано: 25 фев. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext.

Ссылки

https://www.detack.de/en/cve-2019-6265-6266
Mitigation
Third Party Advisory
https://www.detack.de/en/cve-2019-6265-6266
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cordaware:bestinformed:*:*:*:*:*:windows:*:*

Версия до 6.2.1.0 (исключая)

EPSS

Процентиль: 49%

0.00258

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-m74j-pp4x-r2g8

CVSS3: 9.8

github

больше 3 лет назад

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext.

EPSS

Процентиль: 49%

0.00258

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-295