MidnightBSD

Advisories for jss_cryptomanager_project

CVE-2019-14823 MEDIUM

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,CWE-295,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.3
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux 7.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux 6.9
jss_cryptomanager_project jss_cryptomanager *
redhat enterprise_linux 7.4
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.10
redhat enterprise_linux 6.7
redhat enterprise_linux 7.1
redhat enterprise_linux 6.4
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux 6.2
redhat enterprise_linux 6.0
redhat enterprise_linux 6.3
redhat enterprise_linux 6.6
redhat enterprise_linux 6.5
redhat enterprise_linux 7.5
redhat enterprise_linux 6.1
redhat enterprise_linux 6.8
redhat enterprise_linux 7.7
redhat enterprise_linux 7.2