VYPR
Unrated severityNVD Advisory· Published Oct 14, 2019· Updated Aug 5, 2024

CVE-2019-14823

CVE-2019-14823

Description

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dogtag/Jssllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: affects >= 4.4.6

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.