all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-27890 (atlasdb)

Add to bookmarks
Feb. 16, 2023, 4:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a …

abuse api attack case certificates communications controls cve intercept logging malicious man-in-the-middle .net network privileged service sls ssl tls tls certificates vulnerability

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months, 3 weeks ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months, 3 weeks ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months, 3 weeks ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months, 3 weeks ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months, 3 weeks ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months, 3 weeks ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months, 3 weeks ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months, 3 weeks ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months, 3 weeks ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Incident Response Lead(IR)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Comcast Cybersecurity: Privacy Operations Executive Director

@ Comcast | PA - Philadelphia, 1701 John F Kennedy Blvd
View on infosec-jobs.com