CVE-2024-39771

CVSS 4.2 MEDIUMEPSS 0.1%CWE-295

QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Safie Inc. · QBiC CLOUD CC-2L Safie Inc. · Safie One

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN83440451/https://safie.jp/information/post_6933/