PT-2022-9927 · Pexip · Pexip Infinity Connect

Published

2022-02-18

·

Updated

2022-03-02

·

CVE-2021-29656

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Pexip Infinity Connect versions prior to 1.8.0
Description The issue concerns the mishandling of TLS certificate validation, where the allow list is not properly checked.
Recommendations For versions prior to 1.8.0, update to version 1.8.0 or later to resolve the issue.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2021-29656

Affected Products

Pexip Infinity Connect