CVE-2019-14823
Description
A flaw was found in the Leaf and Chain OCSP policy implementation in JSS CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as man-in-the-middle.
Risk Information
Base Score
7.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.287
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2019:3067) jss security update jss-4.4.6-3.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:3067) jss security update jss-javadoc-4.4.6-3.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:3067) Important: security update jss-debuginfo-4.4.6-3.el7_7.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234