// For flags

CVE-2013-0289

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Isync 0.4 anterior a 1.0.6, no verifica que el nombre del servidor coincide con un nombre de dominio en el nombre común (CN) o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-12-06 CVE Reserved
  • 2013-10-07 CVE Published
  • 2024-01-03 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
0.4
Search vendor "Isync Project" for product "Isync" and version "0.4"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
0.5
Search vendor "Isync Project" for product "Isync" and version "0.5"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
0.6
Search vendor "Isync Project" for product "Isync" and version "0.6"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
0.7
Search vendor "Isync Project" for product "Isync" and version "0.7"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
0.8
Search vendor "Isync Project" for product "Isync" and version "0.8"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
1.0.0
Search vendor "Isync Project" for product "Isync" and version "1.0.0"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
1.0.1
Search vendor "Isync Project" for product "Isync" and version "1.0.1"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
1.0.2
Search vendor "Isync Project" for product "Isync" and version "1.0.2"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
1.0.3
Search vendor "Isync Project" for product "Isync" and version "1.0.3"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
1.0.4
Search vendor "Isync Project" for product "Isync" and version "1.0.4"
-
Affected
Isync Project
Search vendor "Isync Project"
Isync
Search vendor "Isync Project" for product "Isync"
1.0.5
Search vendor "Isync Project" for product "Isync" and version "1.0.5"
-
Affected