CVE-2022-21170 — LOW (3.7) — White Hats Nepal

Q: How severe is CVE-2022-21170?

CVE-2022-21170 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-21170?

Check the references section above for vendor advisories and patch information. Affected products include: Daj I-Filter Browser \& Cloud Multiagent, Daj I-Filter, Daj Dspa-15000 M5, Daj Dspa-2000 M4, Daj Dspa-4000 M4.

Vulnerability Description

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.

CVSS Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Daj	I-Filter Browser \& Cloud Multiagent	<= 4.93r04
Daj	I-Filter	<= 9.50r10
Daj	Dspa-15000 M5	3
Daj	Dspa-2000 M4	4
Daj	Dspa-4000 M4	4
Daj	Dspa-7000 M5	3

Related Weaknesses (CWE)

CWE-295

References

https://download.daj.co.jp/user/dspa/V3/Permissions RequiredVendor Advisory
https://download.daj.co.jp/user/dspa/V4/Permissions RequiredVendor Advisory
https://download.daj.co.jp/user/ifb/Permissions RequiredVendor Advisory
https://download.daj.co.jp/user/ifilter/V10/Permissions RequiredVendor Advisory
https://download.daj.co.jp/user/ifilter/V9/Permissions RequiredVendor Advisory
https://jvn.jp/en/jp/JVN33214411/index.htmlThird Party AdvisoryVDB Entry
https://download.daj.co.jp/user/dspa/V3/Permissions RequiredVendor Advisory
https://download.daj.co.jp/user/dspa/V4/Permissions RequiredVendor Advisory
https://download.daj.co.jp/user/ifb/Permissions RequiredVendor Advisory
https://download.daj.co.jp/user/ifilter/V10/Permissions RequiredVendor Advisory
https://download.daj.co.jp/user/ifilter/V9/Permissions RequiredVendor Advisory
https://jvn.jp/en/jp/JVN33214411/index.htmlThird Party AdvisoryVDB Entry

FAQ

What is CVE-2022-21170?

CVE-2022-21170 is a vulnerability with a CVSS score of 3.7 (LOW). Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ve...

How severe is CVE-2022-21170?

CVE-2022-21170 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-21170?

Check the references section above for vendor advisories and patch information. Affected products include: Daj I-Filter Browser \& Cloud Multiagent, Daj I-Filter, Daj Dspa-15000 M5, Daj Dspa-2000 M4, Daj Dspa-4000 M4.