MidnightBSD

Advisories for gencat

CVE-2014-6862 MEDIUM

The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gencat artacces 1
CVE-2019-12837 MEDIUM

The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-706,CWE-863,

Products Affected

Vendor Product Version
gencat portal_d'acces_a_la_universitat 1.7.5