Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN33214411/index.html | Third Party Advisory VDB Entry |
https://download.daj.co.jp/user/ifb/ | Permissions Required Vendor Advisory |
https://download.daj.co.jp/user/dspa/V3/ | Permissions Required Vendor Advisory |
https://download.daj.co.jp/user/ifilter/V10/ | Permissions Required Vendor Advisory |
https://download.daj.co.jp/user/dspa/V4/ | Permissions Required Vendor Advisory |
https://download.daj.co.jp/user/ifilter/V9/ | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Information
Published : 2022-03-10 09:45
Updated : 2022-03-16 10:04
NVD link : CVE-2022-21170
Mitre link : CVE-2022-21170
JSON object : View
CWE
CWE-295
Improper Certificate Validation
Products Affected
daj
- i-filter_browser_\&_cloud_multiagent
- dspa-7000_m5
- dspa-4000_m4
- dspa-2000_m4
- i-filter
- dspa-15000_m5