How severe is CVE-2024-54147?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-54147?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2024-54147 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (eg. public wifi, malicious DNS servers) may have all GraphQL request and response headers and bodies fully compromised including authorization tokens. The attack also allows obtaining full access to any signed-in Altair GraphQL Cloud account and replacing payment checkout pages with a malicious website. Version 8.0.5 fixes the issue.

Related Vulnerabilities

CVE-2006-7246

MEDIUM

CVSS:6.8(Medium)

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

CWE-2952006

CVE-2015-4100

MEDIUM

CVSS:6.8(Medium)

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authori...

CWE-2952015

CVE-2017-3182

MEDIUM

CVSS:6.8(Medium)

On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attac...

CWE-2952017

CVE-2018-12205

MEDIUM

CVSS:6.8(Medium)

Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated u...

CWE-2952018

CVE-2018-16261

MEDIUM

CVSS:6.8(Medium)

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

CWE-2952018

CVE-2019-3814

MEDIUM

CVSS:6.8(Medium)

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could p...

CWE-2952019