3 matches found
CVE-2025-59270 psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.2...
PT-2018-2489 · Gnu +2 · Gnutls +2
Name of the Vulnerable Software and Affected Versions: GnuTLS versions prior to 3.6.5 Description: The issue is related to an error in verifying decrypted RSA data, allowing an attacker to potentially access protected information through a side-channel cache attack. Specifically, a Bleichenbacher...
Security Bulletin: Vulnerabilities in GSKit affect IBM SPSS Modeler (CVE-2015-0159, CVE-2015-0138, CVE-2014-6221)
Summary GSKit is an IBM component that is used by IBM SPSS Modeler. The GSKit that is shipped with IBM SPSS Modeler contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM SPSS Modeler has addressed the...