cbcvebase.
CVE-2017-14852
published 2019-06-03

CVE-2017-14852: An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The…

PriorityP341high8.6CVSS 3.1
AVNACLPRNUINSUCHILAL
EPSS
1.00%
58.6th percentile
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.

Affected

1 ranges
VendorProductVersion rangeFixed in
orpaksiteomat< 6.4.414.0846.4.414.084

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.