Vulnerability Description
comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Comforte | Swap | >= 20.0.0, <= 21.5.3 |
| Hp | Nonstop Server | - |
Related Weaknesses (CWE)
References
- https://comforte.com/cve-2018-6653/Third Party Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- https://comforte.com/cve-2018-6653/Third Party Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
FAQ
What is CVE-2018-6653?
CVE-2018-6653 is a vulnerability with a CVSS score of 5.3 (MEDIUM). comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing th...
How severe is CVE-2018-6653?
CVE-2018-6653 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6653?
Check the references section above for vendor advisories and patch information. Affected products include: Comforte Swap, Hp Nonstop Server.