CVE-2024-39771

Summary

QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.

Affected Software

VendorProductVersion RangeStatus
Safie Inc.QBiC CLOUD CC-2Lv1.1.30 and earlieraffected
Safie Inc.Safie Onev1.8.2 and earlieraffected

Weaknesses

  • Improper certificate validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References