漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation
Vulnerability Description
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
对宿主不匹配的证书验证不恰当
Vulnerability Title
Progress Software OpenEdge 安全漏洞
Vulnerability Description
Progress Software OpenEdge是美国Progress Software公司的一套集成开发环境(IDE)。 Progress Software OpenEdge存在安全漏洞,该漏洞源于允许绕过TLS证书的主机名验证。
CVSS Information
N/A
Vulnerability Type
N/A