9.8
CVE-2017-14852
- EPSS 1.01%
- Veröffentlicht 03.06.2019 19:29:00
- Zuletzt bearbeitet 02.06.2026 20:16:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.01% | 0.584 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.6 | 3.9 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
|
CWE-311 Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
http://www.securityfocus.com/bid/108167
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
http://www.orpak.com