The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 93.7%.
Information Disclosure
NVD
VulDB
CVSS 3.1
3.7
EPSS
93.7%
Threat
5.1