CVE-2019-8282

MEDIUM

Gemalto Sentinel Ldk < 7.92 - Origin Validation Error

Title source: rule

Description

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.

References (1)

[Third Party Advisory] https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/

Scores

CVSS v3 5.3

EPSS 0.0013

EPSS Percentile 31.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-300 CWE-346

Status published

Affected Products (1)

gemalto/sentinel_ldk < 7.92

Timeline

Published Jun 07, 2019

Tracked Since Feb 18, 2026