Vulnerabilities > Improper Certificate Validation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-02-15 | CVE-2023-47537 | Improper Certificate Validation vulnerability in Fortinet Fortios | An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 and 7.4.0 - 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. | network; high complexity; fortinet CWE-295; 4.8 |
| 2024-02-07 | CVE-2023-32330 | Improper Certificate Validation vulnerability in IBM Security Verify Access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. | network; low complexity; ibm CWE-295; critical; 9.8 |
| 2024-02-07 | CVE-2023-43017 | Improper Certificate Validation vulnerability in IBM Security Verify Access | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. | network; low complexity; ibm CWE-295; 7.2 |
| 2024-02-07 | CVE-2023-47700 | Improper Certificate Validation vulnerability in IBM Storage Virtualize 8.6 | IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. | network; low complexity; ibm CWE-295; 7.5 |
| 2024-02-06 | CVE-2024-25140 | Improper Certificate Validation vulnerability in Rustdesk 1.2.3 | A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. | network; low complexity; rustdesk CWE-295; critical; 9.8 |
| 2024-02-05 | CVE-2024-1052 | Improper Certificate Validation vulnerability in Hashicorp Boundary | Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. | network; high complexity; hashicorp CWE-295; 8.0 |
| 2024-02-03 | CVE-2024-0853 | Improper Certificate Validation vulnerability in Haxx Curl 8.5.0 | curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. | network; low complexity; haxx CWE-295; 5.3 |
| 2024-02-02 | CVE-2020-29504 | Improper Certificate Validation vulnerability in Dell products | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. | network; low complexity; dell CWE-295; critical; 9.8 |
| 2024-01-31 | CVE-2023-28807 | Improper Certificate Validation vulnerability in Zscaler Secure Internet and Saas Access | In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic. | network; low complexity; zscaler CWE-295; 7.5 |
| 2024-01-31 | CVE-2023-50356 | Improper Certificate Validation vulnerability in Areal-Topkapi Vision Server 6.2.4718 | SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). | network; high complexity; areal-topkapi CWE-295; 6.5 |