5 matches found
CVE-2026-41132
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...
CVE-2026-41132
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...
CVE-2026-41132
CVE-2026-41132 affects CKAN prior to versions 2.10.10 and 2.11.5, where the SMTP connection lacks certificate validation. This allows a MITM attacker to spoof the SMTP server and potentially access credentials and email contents. The issue is mitigated by upgrading CKAN to 2.10.10 or 2.11.5 (or n...
CVE-2024-49782 IBM OpenPages improper certificate validation
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...
CVE-2024-49782
IBM OpenPages with Watson 8.3 and 9.0: remote attacker could spoof mail server identity over SSL/TLS due to improper certificate validation (host mismatch). Consequences include disclosure of information in email notifications or disrupted delivery. Affected: IBM OpenPages 9.0 and OpenPages with ...