
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• http://secunia.com/advisories/26630
• http://www.securityfocus.com/bid/25471
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36331
• CWE-255: Credentials Management Errors

CVSS: 7.5 • EPSS: 12% • CPEs: 9 • EXPL: 0

Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.
• http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html
• http://www.auscert.org.au/render.html?it=4339
• http://www.ciac.org/ciac/bulletins/o-206.shtml
• http://www.securityfocus.com/bid/11039
• http://xforce.iss.net/xforce/alerts/id/181
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15669

CVSS: 2.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
• http://www.kb.cert.org/vuls/id/720017
• http://www.kb.cert.org/vuls/id/AAMN-5KKVXC
• http://www.securityfocus.com/bid/7284
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11724

CVSS: 5.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.
• http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html
• http://marc.info/?l=bugtraq&m=100498111712723&w=2
• http://www.kb.cert.org/vuls/id/243243
• http://www.securityfocus.com/bid/3508
• https://exchange.xforce.ibmcloud.com/vulnerabilities/7474

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
• http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/6915