CVE-2022-21170
Severity CVSS v4.0:
Pending analysis
Type:
CWE-295
Improper Certificate Validation
Publication date:
10/03/2022
Last modified:
16/03/2022
Description
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
Impact
Base Score 3.x
3.70
Severity 3.x
LOW
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:daj:i-filter_browser_\&_cloud_multiagent:*:*:*:*:*:windows:*:* | 4.93r04 (including) | |
| cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:* | 9.50r10 (including) | |
| cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:* | 10.0 (including) | 10.45r01 (including) |
| cpe:2.3:h:daj:dspa-15000_m5:3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:daj:dspa-15000_m5:4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:daj:dspa-2000_m4:4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:daj:dspa-4000_m4:4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:daj:dspa-7000_m5:3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:daj:dspa-7000_m5:4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page