Описание
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
5.1 Medium
CVSS3
7.5 High
CVSS3
Дефекты
Связанные уязвимости
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information.
Уязвимость механизма HSTS (HTTP Strict Transport Security) веб-сервера программного средства мониторинга и анализа сетевого трафика в промышленных сетях SINEC Traffic Analyzer, позволяющая нарушителю выполнить Downgrade-атаку (атака с понижением версии протокола)
EPSS
5.1 Medium
CVSS3
7.5 High
CVSS3