How severe is CVE-2021-20328?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2021-20328?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2021-20328 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.

Related Vulnerabilities

CVE-2006-7246

MEDIUM

CVSS:6.8(Medium)

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

CWE-2952006

CVE-2015-4100

MEDIUM

CVSS:6.8(Medium)

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authori...

CWE-2952015

CVE-2017-3182

MEDIUM

CVSS:6.8(Medium)

On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attac...

CWE-2952017

CVE-2018-12205

MEDIUM

CVSS:6.8(Medium)

Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated u...

CWE-2952018

CVE-2018-16261

MEDIUM

CVSS:6.8(Medium)

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

CWE-2952018

CVE-2019-3814

MEDIUM

CVSS:6.8(Medium)

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could p...

CWE-2952019