Vulnerabilities > Improper Certificate Validation

DATE | CVE | VULNERABILITY TITLE | RISK

2022-01-11 | CVE-2022-21836 | Improper Certificate Validation vulnerability in Microsoft products | 7.2
Windows Certificate Spoofing Vulnerability.
local, low complexity, microsoft, CWE-295

2021-12-23 | CVE-2021-44273 | Improper Certificate Validation vulnerability in E2Bn E2Guardian | 5.8
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine.
network, e2bn, CWE-295

2021-12-16 | CVE-2021-41028 | Improper Certificate Validation vulnerability in Fortinet Forticlient | 5.4
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.

2021-12-14 | CVE-2021-44549 | Improper Certificate Validation vulnerability in Apache Sling Commons Messaging Mail 1.0.0 | 5.8
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS.
network, apache, CWE-295

2021-12-14 | CVE-2021-42027 | Improper Certificate Validation vulnerability in Siemens Sinumerik Edge | 5.8
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2).
network, siemens, CWE-295

2021-12-13 | CVE-2020-4496 | Improper Certificate Validation vulnerability in IBM Spectrum Protect Plus | 4.3
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation.
network, ibm, CWE-295

2021-12-10 | CVE-2021-31747 | Improper Certificate Validation vulnerability in Pluck-Cms Pluck 4.7.15 | 5.8
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.
network, pluck-cms, CWE-295

2021-12-01 | CVE-2021-34599 | Improper Certificate Validation vulnerability in Codesys GIT | 5.8
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes.
network, codesys, CWE-295

2021-11-23 | CVE-2021-40828 | Improper Certificate Validation vulnerability in Amazon products | 5.8
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows.
low complexity, amazon, CWE-295

2021-11-23 | CVE-2021-40829 | Improper Certificate Validation vulnerability in Amazon web Services Internet of Things Device Software Development KIT V2 | 5.8
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS.
low complexity, amazon, CWE-295