Security Advisory

CVE-2019-14823

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-10-14 19:35:04
Last updated 2024-08-05 00:26:39
Assigner redhat
State PUBLISHED

Description

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, in which the policy implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as man-in-the-middle.