7.4
CVE-2019-14823
- EPSS 0.29%
- Published 14.10.2019 20:15:10
- Last modified 21.11.2024 04:27:26
- Source secalert@redhat.com
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
Data is provided by the National Vulnerability Database (NVD)
Jss Cryptomanager Project ≫ Jss Cryptomanager Version >= 4.4.6 <= 4.4.7
Jss Cryptomanager Project ≫ Jss Cryptomanager Version >= 4.5.3 <= 4.5.4
Jss Cryptomanager Project ≫ Jss Cryptomanager Version >= 4.6.0 <= 4.6.2
Redhat ≫ Enterprise Linux Version 6.0
Redhat ≫ Enterprise Linux Version 6.1
Redhat ≫ Enterprise Linux Version 6.2
Redhat ≫ Enterprise Linux Version 6.3
Redhat ≫ Enterprise Linux Version 6.4
Redhat ≫ Enterprise Linux Version 6.5
Redhat ≫ Enterprise Linux Version 6.6
Redhat ≫ Enterprise Linux Version 6.7
Redhat ≫ Enterprise Linux Version 6.8
Redhat ≫ Enterprise Linux Version 6.9
Redhat ≫ Enterprise Linux Version 6.10
Redhat ≫ Enterprise Linux Version 7.0
Redhat ≫ Enterprise Linux Version 7.1
Redhat ≫ Enterprise Linux Version 7.2
Redhat ≫ Enterprise Linux Version 7.3
Redhat ≫ Enterprise Linux Version 7.4
Redhat ≫ Enterprise Linux Version 7.5
Redhat ≫ Enterprise Linux Version 7.6
Redhat ≫ Enterprise Linux Version 7.7
Redhat ≫ Enterprise Linux Version 8.0
Redhat ≫ Enterprise Linux Desktop Version 7.0 HwPlatform x64
Redhat ≫ Enterprise Linux Eus Version 7.7
Redhat ≫ Enterprise Linux Server Version 7.0
Redhat ≫ Enterprise Linux Server Aus Version 7.7
Redhat ≫ Enterprise Linux Server Tus Version 7.7
Redhat ≫ Enterprise Linux Workstation Version 7.0 HwPlatform x64
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.29% | 0.518 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.4 | 2.2 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
secalert@redhat.com | 6.8 | 1.6 | 5.2 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE-358 Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.