CVE-2018-16499

Summary

In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements).

Affected Software

VendorProductVersion RangeStatus
n/aVersa VOSFixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1affected

Weaknesses

  • CWE-326: Inadequate Encryption Strength (CWE-326)

ADP Enrichment

CVE Program Container

Additional References

References