Kaleris NAVIS N4 ULC Insecure Communication Vulnerability Allowing Sensitive Information Exposure

Vulnerability

A vulnerability exists in Kaleris NAVIS N4 Ultra Light Client (ULC) versions prior to 4.0: the client communicates with N4 servers over unencrypted HTTP, and the data it sends is only zlib-compressed. This flaw allows an attacker to intercept the network traffic between Ultra Light Clients and N4 servers and extract sensitive information from it, including plaintext credentials.

Impact

Exploitation of this vulnerability could lead to the unauthorized extraction of sensitive information, such as plaintext credentials, from intercepted network traffic.

Remediation

Kaleris recommends updating to NAVIS N4 versions 3.1.44, 3.2.26, 3.3.27, 3.4.25, 3.5.18, 3.6.14, 3.7.0, or 3.8.0. If an update is not possible, users should place N4 behind a firewall, disable the Ultra Light Client on exposed nodes, and implement TLS in their load balancer. For more information, users can contact Kaleris at security@kaleris.com.
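To confirm on your own network that the TLS mitigation is in effect, captured message bodies can be classified by transport and encoding. The following is an added example, not Kaleris code or part of the original advisory; the credential field names and result labels are assumptions, since the advisory does not describe the ULC message format.

```python
import re
import zlib

# Assumed credential-like field names; the advisory does not document the ULC format.
CREDENTIAL_HINT = re.compile(rb"\b(password|passwd|pwd|secret|token)\b\s*[=:]", re.IGNORECASE)


def looks_like_zlib(body: bytes) -> bool:
    """RFC 1950 header: CM == 8 (deflate), CINFO <= 7, (CMF*256 + FLG) % 31 == 0."""
    if len(body) < 2:
        return False
    cmf, flg = body[0], body[1]
    return (cmf & 0x0F) == 8 and (cmf >> 4) <= 7 and ((cmf << 8) | flg) % 31 == 0


def audit_body(scheme: str, body: bytes, max_out: int = 1 << 20) -> str:
    """Classify one captured message body; never returns or logs the contents.

    scheme is the transport the message was observed on ("http" or "https").
    """
    if scheme.lower() == "https":
        return "ok-tls"
    if not looks_like_zlib(body):
        return "cleartext-http"
    try:
        # Bounded output guards against decompression bombs in captured data.
        plain = zlib.decompressobj().decompress(body, max_out)
    except zlib.error:
        return "cleartext-http"
    if CREDENTIAL_HINT.search(plain):
        return "zlib-over-http-credential-field"
    return "zlib-over-http"


if __name__ == "__main__":
    # Constructed sample bodies, not real N4 traffic.
    login = zlib.compress(b"user=demo&password=EXAMPLE-ONLY")
    for scheme, body in [("http", login), ("https", login), ("http", b"plain text")]:
        print(scheme, audit_body(scheme, body))
```

Any result other than `ok-tls` for traffic between Ultra Light Clients and N4 servers means the path is still unencrypted; zlib needs no key to reverse, so compression adds no confidentiality.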

Added: Jun 24, 2025, 7:22 PM
Updated: Jun 24, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.