Описание
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.92 (исключая)
cpe:2.3:a:gemalto:sentinel_ldk:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00127
Низкий
5.3 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-300
CWE-346
Связанные уязвимости
github
больше 3 лет назад
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.
EPSS
Процентиль: 33%
0.00127
Низкий
5.3 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-300
CWE-346