PT-2018-4756 · Unicode Consortium · Uncode

Published

2018-05-29

Updated

2019-10-09

CVE-2016-10578

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions unicode versions prior to 9.0.0

Description The issue concerns the insecure download of resources over HTTP, which makes it susceptible to man-in-the-middle (MITM) attacks. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. The impact of this issue can range from being able to read sensitive information to remote code execution.

Recommendations Update to version 9.0.0 or later.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311CWE-310

Related Identifiers

CVE-2016-10578

GHSA-QJF4-7642-C57P

Affected Products

Uncode

PT-2018-4756 · Unicode Consortium · Uncode

CVE-2016-10578

Weakness Enumeration

Related Identifiers

Affected Products

References · 6