PT-2022-19931 · Unknown+1 · Python-Scciclient+1

Published: 2022-09-01 · Updated: 2022-12-12 · CVE-2022-2996

CVSS v4.0: 9.1 (Critical)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: python-scciclient (affected versions not specified)

Description: A flaw was found in python-scciclient: when it makes an HTTPS connection to a server, the server's certificate is not verified. This exposes the connection to possible man-in-the-middle (MITM) attacks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Certificate Validation

Related Identifiers

CVE-2022-2996
DLA-3180-1
GHSA-RF3F-3P37-2QH4
PYSEC-2022-43152
RHSA-2022:7398
RHSA-2022:8854
RHSA-2022:8868
RHSA-2023:0276

Affected Products

Debian
Python-Scciclient