CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-3003

Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.5%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 4.3

References

https://fibonhack.github.io/2021/desktop-telematico-mitm-to-rce
https://telematici.agenziaentrate.gov.it/Main/Desktop.jsp
https://fibonhack.github.io/2021/desktop-telematico-mitm-to-rce
https://telematici.agenziaentrate.gov.it/Main/Desktop.jsp

Products affected by CVE-2021-3003

Agenziaentrate » Desktop Telematico » Version: 1.0.0

cpe:2.3:a:agenziaentrate:desktop_telematico:1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-3003

Products

Pricing

Contact Us