PT-2019-18983 · Heimdal · Heimdal Thor Agent

Published

2019-03-21

Updated

2019-03-26

CVE-2019-8351

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Heimdal Thor Agent versions 2.5.17x through 2.5.172

Description The issue allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate because it does not verify X.509 certificates from TLS servers.

Recommendations For Heimdal Thor Agent versions 2.5.17x through 2.5.172, update to version 2.5.173 or later to resolve the issue.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2019-8351

Affected Products

Heimdal Thor Agent

PT-2019-18983 · Heimdal · Heimdal Thor Agent

CVE-2019-8351

Weakness Enumeration

Related Identifiers

Affected Products

References · 3