CVE-2019-8282

MEDIUM

Gemalto Sentinel LDK < 7.92 - Cleartext HTTP Communication with Language Pack Server

Title source: llm

Description

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/

Scores

CVSS v3 5.3

EPSS 0.0042

EPSS Percentile 32.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-300 CWE-346

Status published

Products (1)

gemalto/sentinel_ldk < 7.92

Published Jun 07, 2019

Tracked Since Feb 18, 2026