How severe is CVE-2020-26234?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2020-26234?

This is classified as CWE-346, which is a common weakness in software security.

CVE-2020-26234

MEDIUM Year: 2020

CVSS v3 Score

4.8

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-346

View all →

Vulnerability Description

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. This problem is fixed in Opencast 7.9 and Opencast 8.8 Please be aware that fixing the problem means that Opencast will not simply accept any self-signed certificates any longer without properly importing them. If you need those, please make sure to import them into the Java key store. Better yet, get a valid certificate.

CVE-2020-26251

MEDIUM

CVSS:4.7(Medium)

Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing polic...

CWE-3462020

CVE-2021-26737

MEDIUM

CVSS:4.7(Medium)

The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting ...

CWE-3462021

CVE-2023-2639

MEDIUM

CVSS:4.7(Medium)

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the o...

CWE-3462023

CVE-2023-2445

MEDIUM

CVSS:4.9(Medium)

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user v...

CWE-3462023

CVE-2022-1747

MEDIUM

CVSS:4.6(Medium)

The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnera...

CWE-3462022

CVE-2019-4640

MEDIUM

CVSS:4.4(Medium)

IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malic...

CWE-3462019

CVE-2020-26234

Vulnerability Description

Related Vulnerabilities

CVE-2020-26251

CVE-2021-26737

CVE-2023-2639

CVE-2023-2445

CVE-2022-1747

CVE-2019-4640