Описание
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:heimdalsecurity:thor:2.5.170:rc:*:*:*:*:*:*
cpe:2.3:a:heimdalsecurity:thor:2.5.171:*:*:*:*:*:*:*
cpe:2.3:a:heimdalsecurity:thor:2.5.172:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.0027
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 9.1
github
больше 3 лет назад
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.
EPSS
Процентиль: 50%
0.0027
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-295