PT-2022-14900 · I-Filter+2 · I-Filter+2
Published
2022-03-07
·
Updated
2022-03-16
·
CVE-2022-21170
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
i-FILTER versions prior to 10.45R01
i-FILTER versions prior to 9.50R10
i-FILTER Browser & Cloud MultiAgent for Windows versions prior to 4.93R04
D-SPA (Ver.3 / Ver.4) using i-FILTER
Description
The issue is related to an improper check for certificate revocation, which allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
Recommendations
For i-FILTER versions prior to 10.45R01, update to a version that properly checks for certificate revocation.
For i-FILTER versions prior to 9.50R10, update to a version that properly checks for certificate revocation.
For i-FILTER Browser & Cloud MultiAgent for Windows versions prior to 4.93R04, update to a version that properly checks for certificate revocation.
For D-SPA (Ver.3 / Ver.4) using i-FILTER, update to a version that properly checks for certificate revocation.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Spa
I-Filter
I-Filter Browser & Cloud Multiagent For Windows