Severity
High
Analysis Summary
CVE-2020-13955
Apache Calcite is vulnerable to a man-in-the-middle attack, caused by disabled hostname verification for HTTPS connections in the HttpUtils#getURLConnection method. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
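The class of flaw described above, shown as an added Java example beside its corrected form. This is not Apache Calcite's code: the class name, method names, URL and host names are all constructed for illustration. It runs offline, because `openConnection()` does not contact the server.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;

public class HostnameVerificationDemo {

    // Weak pattern: the JDK consults this callback only when the certificate
    // does not match the requested host, so returning true accepts a valid
    // certificate that was issued for a different name.
    static final HostnameVerifier ACCEPT_ALL = (hostname, session) -> true;

    // Illustrative "before": hostname verification switched off per connection.
    static URLConnection openWithoutVerification(String url) throws IOException {
        URLConnection conn = URI.create(url).toURL().openConnection();
        if (conn instanceof HttpsURLConnection) {
            ((HttpsURLConnection) conn).setHostnameVerifier(ACCEPT_ALL);
        }
        return conn;
    }

    // Corrected form: leave the JDK default verifier in place, so a
    // certificate/host mismatch fails the TLS handshake.
    static URLConnection openWithVerification(String url) throws IOException {
        return URI.create(url).toURL().openConnection();
    }

    // Audit helper: asks the connection's verifier whether it would reject a
    // mismatched name. The session argument is null because neither verifier
    // used here inspects it.
    static boolean rejectsMismatch(URLConnection conn, String presentedName) {
        if (!(conn instanceof HttpsURLConnection)) {
            return false; // plain HTTP: no peer identity is checked at all
        }
        HostnameVerifier v = ((HttpsURLConnection) conn).getHostnameVerifier();
        return !v.verify(presentedName, null);
    }

    public static void main(String[] args) throws IOException {
        String url = "https://calcite-endpoint.example/data"; // constructed URL
        String other = "other-host.example";                  // constructed mismatching name
        System.out.println("verification disabled, rejects mismatch: "
                + rejectsMismatch(openWithoutVerification(url), other));
        System.out.println("default verifier, rejects mismatch:      "
                + rejectsMismatch(openWithVerification(url), other));
    }
}
```

In a code review, any `setHostnameVerifier` call or custom `HostnameVerifier` that returns `true` unconditionally is the pattern to flag.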
Impact
Disclosure of sensitive information
Affected Vendors
Apache
Affected Products
- Apache Calcite 0.8
- Apache Calcite 1.25
Remediation
Upgrade to the latest version of Apache Calcite (1.26 or later).