Medium severity5.9NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026
CVE-2014-2845
CVE-2014-2845
Description
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.securityfocus.com/archive/1/532039/100/0/threadednvdExploitThird Party AdvisoryVDB Entry
- cyberduck.io/changelog/nvdIssue TrackingRelease NotesVendor Advisory
- secunia.com/advisories/58426nvdIssue TrackingPermissions Required
News mentions
0No linked articles in our index yet.