216.73.216.133

CVE-2026-48249

· Published 21/05/2026 18:16 · Modified 21/05/2026 19:10

Labels: CVE-2026-48249 2026-05-21CVE-2026-48249CWE-295[email protected]

Essential information

Published
21/05/2026 18:16
Modified
21/05/2026 19:10
Author
Creator
CVSS
8.2 HIGH (v3) 8.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for outbound HTTPS requests issued during the mobile (RouteMate) login flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
open ises tickets / open ises tickets cpe:2.3:a:open_ises_tickets:open_ises_tickets:*:*:*:*:*:*:*:*

References