CVE-2024-13956

CWE-295 — Improper Certificate Validation5 documents4 sources

Severity

8.8HIGH

EPSS

0.3%

top 47.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Aspect-enterprise ABB Matrix Series ABB Nexus Series

Timeline

PublishedMay 22

Description

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Affected Packages3 packages

▶CVEListV5abb/nexus_series3.*

▶CVEListV5abb/matrix_series3.*

▶CVEListV5abb/aspect-enterprise3.*

🔴Vulnerability Details

CVEList

SSL Verification Bypass↗2025-05-22

▶

GHSA

GHSA-r532-jjq9-737h: SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3↗2025-05-22

▶

📋Vendor Advisories

Oracle

Oracle Oracle Commerce Risk Matrix: Endeca Integration (Apache HttpClient) — CVE-2020-13956↗2024-10-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: Platform (Apache HttpClient) — CVE-2020-13956↗2024-07-15

▶