CVE-2019-14823HIGHCVSS 7.4≥ 4.4.6, ≤ 4.4.7·≥ 4.5.3, ≤ 4.5.4+1 more2019-10-14
CVE-2019-14823 [HIGH] CWE-358 CVE-2019-14823: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions a
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
nvd