Lucene search

K

MitreCVELIST:CVE-2008-3249

HistoryJul 21, 2008 - 5:00 p.m.

CVE-2008-3249

2008-07-2117:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.

References

secunia.com/advisories/30379

securitytracker.com/id?1020112

www.security-objectives.com/advisories/SECOBJADV-2008-01.txt

www.securityfocus.com/archive/1/492579

www.securityfocus.com/bid/29366

exchange.xforce.ibmcloud.com/vulnerabilities/42638

6.8 Medium

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

Related for CVELIST:CVE-2008-3249

nvd1 nessus1 prion1 cve1