Jss
Vulnerabilities
2
Known exploited
0
Max CVSS
6.8
Top EPSS
0.00859
Severity breakdown
Critical
0
High
0
Medium
2
Low
0
Also matched as (raw): jss
Top vulnerabilities
CVE-2019-14823A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
CVE-2010-2241The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts.