CVE-2015-7298

EPSS 0.25%
Veröffentlicht 26.10.2015 14:59:10
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate.  NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Owncloud ≫ Owncloud Desktop Client Version <= 2.0.0

Qt ≫ Qt Version5.3.0

Qt ≫ Qt Version5.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.451

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

https://owncloud.org/security/advisory/?id=oc-sa-2015-016

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-7298

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7298

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7298

EUVD