CVE-2019-18633

CRITICAL

European Commission eIDAS-Node Integration Package <2.3.1 - Info Di...

Title source: llm
STIX 2.1

Description

European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sec-consult.com/en/blog/advisories/15587/

Scores

CVSS v3 9.8
EPSS 0.0076
EPSS Percentile 50.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-295
Status published
Products (1)
europa/eidas-node_integration_package 2.1
Published Oct 30, 2019
Tracked Since Feb 18, 2026