CVE-2007-4594 : Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involvin

Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published 2007-08-29 22:17:00

Updated 2017-07-29 01:33:02

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-4594

Probability of exploitation activity in the next 30 days: 0.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 56 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-4594

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2007-4594

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-4594

Products affected by CVE-2007-4594

Entrust » Entelligence Security Provider » Version: 8
cpe:2.3:a:entrust:entelligence_security_provider:8:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-4594

Exploit prediction scoring system (EPSS) score for CVE-2007-4594

CVSS scores for CVE-2007-4594

CWE ids for CVE-2007-4594

References for CVE-2007-4594

Products affected by CVE-2007-4594