Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
CVSS Information
N/A
Vulnerability Type
不恰当实现的标准安全检查
Vulnerability Title
JSS CryptoManager 安全特征问题漏洞
Vulnerability Description
JSS CryptoManager是一款JSS(Java网络安全服务)加密管理软件包。 JSS CryptoManager 4.4.6之后版本、4.5.3之后版本和4.6.0之后版本中‘Leaf and Chain’OCSP协议的实现存在安全特征问题漏洞。攻击者可利用该漏洞实施中间人等攻击。
CVSS Information
N/A
Vulnerability Type
N/A