CVE-2023-50356

Опубликовано: 31 янв. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.

Ссылки

https://www.areal-topkapi.com/en/services/security-bulletins
Vendor Advisory
https://www.areal-topkapi.com/en/services/security-bulletins
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:areal-topkapi:vision_server:*:*:*:*:*:*:*:*

Версия до 6.2.4719 (исключая)

EPSS

Процентиль: 33%

0.00129

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-hgqh-qj43-xfmf

CVSS3: 9.1

github

около 2 лет назад

SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.