PT-2021-15114 · Micro Focus · Micro Focus Application Automation Tools Plugin
Long Nguyen
·
Published
2021-04-08
·
Updated
2022-05-24
·
CVE-2021-22511
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Micro Focus Application Automation Tools Plugin versions 6.7 and earlier
Description
The issue is related to improper certificate validation, which could allow unconditionally disabling of SSL/TLS certificates. This affects connections to Service Virtualization servers, where SSL/TLS certificate validation is unconditionally disabled.
Recommendations
For versions 6.7 and earlier, consider updating to version 6.8 or later, which provides an option to disable SSL/TLS certificate validation for connections to Service Virtualization servers, rather than doing so unconditionally.
As a temporary workaround, consider restricting the use of the vulnerable plugin until a patch or update is available.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Micro Focus Application Automation Tools Plugin