MidnightBSD

Advisories for cordaware

CVE-2019-6265 MEDIUM

The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
cordaware bestinformed *
CVE-2019-6266 HIGH

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-295,

Products Affected

Vendor Product Version
cordaware bestinformed *