CVE-2019-6266

CRITICAL

Cordaware bestinformed < 6.2.1.0 - Insecure SSL Certificate Verification

Title source: llm

Description

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext.

References (1)

Core References
Mitigation, Third Party Advisory x_refsource_misc
https://www.detack.de/en/cve-2019-6265-6266

Scores

CVSS v3 9.8
EPSS 0.0120
EPSS Percentile 64.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-295
Status published
Products (1) cordaware/bestinformed < 6.2.1.0
Published Feb 25, 2019
Tracked Since Feb 18, 2026