Description

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.

Related CPE's

a

daj

i-filter_browser_\&_cloud_multiagent

*

*

*

*

*

windows

Vulnerable

a

daj

i-filter

2

h

daj

dspa-15000_m5

2

h

daj

dspa-2000_m4

4

h

daj

dspa-4000_m4

4

h

daj

dspa-7000_m5

2

References

https://download.daj.co.jp/user/dspa/V3/

Permissions RequiredVendor Advisory

https://download.daj.co.jp/user/dspa/V4/

Permissions RequiredVendor Advisory

https://download.daj.co.jp/user/ifb/

Permissions RequiredVendor Advisory

https://download.daj.co.jp/user/ifilter/V10/

Permissions RequiredVendor Advisory

https://download.daj.co.jp/user/ifilter/V9/

Permissions RequiredVendor Advisory

https://jvn.jp/en/jp/JVN33214411/index.html

Third Party AdvisoryVDB Entry

Weaknesses

[email protected]

Primary
CWE-295

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

3.7 · Low

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-03-10T17:45:10.083

3 years ago

Last modified

2022-03-16T17:04:47.047

3 years ago