CVE-2021-3003

Severity CVSS v4.0:
Pending analysis
Type:
CWE-319 Cleartext Transmission of Sensitive Information
Publication date:
10/05/2021
Last modified:
19/05/2021

Description

Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:agenziaentrate:desktop_telematico:1.0.0:*:*:*:*:*:*:*