An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | SAP_BASIS 758 |
| n/a | n/a | < 25.8.45 |