8.1

CVE-2017-14337

EPSS 0.62%
Veröffentlicht 12.09.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Misp-project ≫ Misp Version <= 2.4.79

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.62%	0.677

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9

Third Party Advisory

https://www.circl.lu/advisory/CVE-2017-14337/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-14337

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14337

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14337

EUVD