How severe is CVE-2024-53846?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-53846?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2024-53846 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).

Related Vulnerabilities

CVE-2012-1096

MEDIUM

CVSS:5.5(Medium)

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

CWE-2952012

CVE-2017-8445

MEDIUM

CVSS:5.5(Medium)

An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certi...

CWE-2952017

CVE-2018-8356

MEDIUM

CVSS:5.5(Medium)

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects...

CWE-2952018

CVE-2019-14334

MEDIUM

CVSS:5.5(Medium)

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert...

CWE-2952019

CVE-2021-26320

MEDIUM

CVSS:5.5(Medium)

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP

CWE-2952021

CVE-2022-22946

MEDIUM

CVSS:5.5(Medium)

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager....

CWE-2952022