PT-2020-10916 · Micro Focus · Data Protection Central

Published

2020-03-18

Updated

2020-03-27

CVE-2019-3762

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Data Protection Central versions 1.0 through 1.0.1, 18.1, 18.2, 19.1

Description The issue is related to an improper certificate chain of trust, which could be exploited by a remote unauthenticated attacker. This attacker could obtain a CA signed certificate from Data Protection Central, allowing them to impersonate a valid system and compromise data integrity.

Recommendations For versions 1.0 through 1.0.1, 18.1, 18.2, 19.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-296CWE-295

Related Identifiers

CVE-2019-3762

Affected Products

Data Protection Central

PT-2020-10916 · Micro Focus · Data Protection Central

CVE-2019-3762

Weakness Enumeration

Related Identifiers

Affected Products

References · 3