Agenzia Delle Entrate · Agenzia Delle Entrate Desktop Telematico · CVE-2021-3003
**Name of the Vulnerable Software and Affected Versions**
Agenzia delle Entrate Desktop Telematico version 1.0.0
**Description**
The issue allows man-in-the-middle attackers to spoof product updates because it contacts the jws.agenziaentrate.it server over cleartext HTTP.
**Recommendations**
For version 1.0.0, consider disabling the cleartext HTTP connection to the jws.agenziaentrate.it server as a temporary workaround until a patch is available. Restrict access to the server to minimize the risk of exploitation. Avoid using the cleartext HTTP protocol for product updates until the issue is resolved.