Lucene search
Veracode Vulnerability DatabaseVERACODE:27503HistoryOct 02, 2020 - 1:27 a.m.
Insecure Encryption Standards
2020-10-0201:27:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.002 Low
EPSS
Percentile
55.3%
nifi-socket-utils uses insecure encryption standards. The weakness arises as it continued to allow support of TLS v1.0 and v1.1, when the NiFi UI, API, as well as listening for connections established by processors like ListenHTTP, HandleHttpRequest were protected by mandating TLS v1.2.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nifi-socket-utils | le | 1.11.4 | |
| nifi-socket-utils | le | 1.11.4 |
References
github.com/apache/nifi/commit/441781cec50f77d9f1e65093f55bbd614b8c5ec6
github.com/apache/nifi/pull/4263
lists.apache.org/thread.html/r2d9c21f9ec35d66f2bb42f8abe876dabd786166b6284e9a33582c718@%3Ccommits.nifi.apache.org%3E
lists.apache.org/thread.html/re48582efe2ac973f8cff55c8b346825cb491c71935e15ab2d61ef3bf@%3Ccommits.nifi.apache.org%3E
nifi.apache.org/security#CVE-2020-9491
Related
prion
prion
Design/Logic Flaw
2020-10-01 20:15:00
cve
cve
CVE-2020-9491
2020-10-01 20:15:14
osv
osv
Inadequate Encryption Strength in Apache NiFi
2022-01-06 20:41:06
CVE-2020-9491
2020-10-01 20:15:14
nvd
nvd
CVE-2020-9491
2020-10-01 20:15:14
github
github
Inadequate Encryption Strength in Apache NiFi
2022-01-06 20:41:06
cvelist
cvelist
CVE-2020-9491
2020-10-01 19:57:34