CVE-2018-6653
Last modified
CVE-2018-6653 is a vulnerability of currently unknown severity. comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.
Description
comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Comforte | Swap | >= 20.0.0, <= 21.5.3 |
| Comforte | Swap | >= 1049, <= 1069 |
References
- https://comforte.com/cve-2018-6653/Third Party Advisory
- https://comforte.com/cve-2018-6653/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-6653?
How severe is CVE-2018-6653?
How do I fix CVE-2018-6653?
Are you affected by CVE-2018-6653?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST