CVE-2013-2770

EPSS 0.39%
Published 07.04.2013 17:55:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Novell ≫ Kanaka Update- SwPlatformmacos Version <= 2.7.1

Novell ≫ Open Enterprise Server

Novell ≫ Kanaka Version2.7 Update- SwPlatformmacos

Novell ≫ Open Enterprise Server

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.39%	0.571

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.novell.com/support/kb/doc.php?id=7011965

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-2770

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2770

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2770

EUVD