![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Advisory – CVE-2020-3535 – Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability
October 12, 2020![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Alert – RYUK Ransomware Network Compromise Using BazarLoader
October 13, 2020![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Advisory – CVE-2020-3535 – Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability
October 12, 2020![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Alert – RYUK Ransomware Network Compromise Using BazarLoader
October 13, 2020Severity
High
Analysis Summary
CVE-2020-13955
Apache Calcite is vulnerable to a man-in-the-middle attack, caused by disabled hostname verification for HTTPS connections in the HttpUtils#getURLConnection method. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
Impact
Disclosure of sensitive information
Affected Vendors
Apache
Affected Products
- Apache Calcite 0.8
- Apache Calcite 1.25
Remediation
Upgrade to the latest version of Apache Calcite (1.26 or later).