Agiloft Insecure Package Download Vulnerability

Vulnerability

A vulnerability exists in Agiloft Release 28, where critical system packages are downloaded over an insecure HTTP connection. This flaw allows an attacker in a man-in-the-middle position to intercept and modify the contents of the download. The issue affects on-premises installations of Agiloft.

Impact

Exploitation could lead to unauthorized modification of downloaded packages, potentially allowing for malicious code execution or other harmful actions within the application.

Remediation

Users are advised to upgrade to Agiloft Release 30 or later, where this vulnerability has been addressed. Instructions for upgrading can be found in the Agiloft Release Notes.
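
The general defence against this class of flaw is sketched below as an added example; it is not Agiloft's code and not the fix shipped in Release 30. A downloader refuses any non-HTTPS URL, including one reached through a redirect, and checks the payload against a pinned SHA-256 digest. The function names, the injected `fetch` interface, the URL and the package bytes are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


class PackageRejected(Exception):
    """Download failed the transport or integrity policy."""


def require_https(url: str) -> None:
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise PackageRejected(f"non-HTTPS package URL: {url}")


def verify_digest(data: bytes, pinned_sha256: str) -> None:
    # The pin must arrive over a separate trusted channel.
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise PackageRejected(f"digest mismatch: got {actual}")


def fetch_package(url: str, pinned_sha256: str, fetch) -> bytes:
    # fetch(url) -> (final_url, body) is an injected, hypothetical interface.
    require_https(url)
    final_url, data = fetch(url)
    require_https(final_url)  # a redirect must not downgrade to HTTP
    verify_digest(data, pinned_sha256)
    return data


# Constructed sample data: stand-in package, its digest, placeholder URL.
GOOD = b"constructed-package-v1"
PIN = hashlib.sha256(GOOD).hexdigest()
URL = "https://updates.example.invalid/pkg.tar.gz"


def outcome(url: str, fetch) -> str:
    """Return 'accepted' or the rejection category for one scenario."""
    try:
        fetch_package(url, PIN, fetch)
        return "accepted"
    except PackageRejected as exc:
        return str(exc).split(":")[0]


if __name__ == "__main__":
    print(outcome(URL, lambda u: (u, GOOD)))  # clean download
    print(outcome(URL, lambda u: (u, GOOD + b"<injected>")))  # tampered
```

In a real deployment `fetch` would wrap an HTTPS client with certificate verification left enabled, and the pinned digest would come from a signed manifest or vendor channel rather than from the same download.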

Added: Aug 26, 2025, 11:17 PM
Updated: Aug 26, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.2
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.