Cleartext HTTP Communication Vulnerability in Agenzia delle Entrate Desktop Telematico 1.0.0

Cleartext HTTP Communication Vulnerability in Agenzia delle Entrate Desktop Telematico 1.0.0

CVE-2021-3003 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates.

Learn more about our Cis Benchmark Audit For Desktop Software.