- Description
- In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD5D60C5-7E93-4B91-A04C-A416D11299C1",
"versionEndExcluding": "23.3.4.15"
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1058D97-F099-4FF9-A84F-3EE257E807C6",
"versionEndExcluding": "24.3.4.2",
"versionStartIncluding": "24.0"
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6091705-FAC3-4A2B-B5A6-93AFC892526A",
"versionEndExcluding": "25.0.2",
"versionStartIncluding": "25.0"
}
],
"operator": "OR"
}
]
}
]