PT-2019-15544 · European Commission · Eidas-Node Integration Package

Publicado

2019-10-30

Atualizado

2019-11-05

CVE-2019-18633

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions European Commission eIDAS-Node Integration Package versions prior to 2.3.1

Description The issue is related to Missing Certificate Validation. This occurs because a certain ExplicitKeyTrustEvaluator return value is not checked, which can lead to security problems. It is confirmed that version 2.1 is affected.

Recommendations For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue.

Exploit

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2019-18633

Produtos afetados

Eidas-Node Integration Package

PT-2019-15544 · European Commission · Eidas-Node Integration Package

CVE-2019-18633

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3