CVE-2014-5321

2014-09-2201:55:05

CWE-310

[email protected]

web.nvd.nist.gov

filemaker pro

pro advanced

ssl

x.509 certificates

man-in-the-middle

cve-2014-5321

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.9%

JSON

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319.

Affected configurations

NVD

Node

filemakerfilemaker_proRange≤12.0.0.0

filemakerfilemaker_pro_advancedRange≤12.0.0.0

CPENameOperatorVersion
filemaker:filemaker_profilemaker filemaker prole12.0.0.0
filemaker:filemaker_pro_advancedfilemaker filemaker pro advancedle12.0.0.0