CVE-2022-21170

low-risk
Published 2022-03-10

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.

Do I need to act?

-
0.41% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10 Low
NETWORK / HIGH complexity

Affected Products (2)

I-Filter Browser \& Cloud Multiagent
I-Filter

Affected Vendors

Daj

References (12)

Permissions Required https://download.daj.co.jp/user/dspa/V3/
Permissions Required https://download.daj.co.jp/user/dspa/V4/
Permissions Required https://download.daj.co.jp/user/ifb/
Permissions Required https://download.daj.co.jp/user/ifilter/V10/
Permissions Required https://download.daj.co.jp/user/ifilter/V9/
Third Party Advisory https://jvn.jp/en/jp/JVN33214411/index.html
Permissions Required https://download.daj.co.jp/user/dspa/V3/
Permissions Required https://download.daj.co.jp/user/dspa/V4/
Permissions Required https://download.daj.co.jp/user/ifb/
Permissions Required https://download.daj.co.jp/user/ifilter/V10/
Permissions Required https://download.daj.co.jp/user/ifilter/V9/
Third Party Advisory https://jvn.jp/en/jp/JVN33214411/index.html
22
/ 100
low-risk
Severity 13/34 · Low
Exploitability 2/34 · Minimal
Exposure 7/34 · Low