← back
CVE-2022-2996

CVE-2022-2996

EPSS 0.5%CWE-295
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Sep 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
Affected products
n/a · python-scciclient

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.debian.org/debian-lts-announce/2022/11/msg00006.htmlhttps://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c