Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-28 | CVE-2022-4895 | Improper Certificate Validation vulnerability in Hitachi products Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00. | 8.1 |
| 2023-02-27 | CVE-2023-1055 | Improper Certificate Validation vulnerability in multiple products A flaw was found in RHDS 11 and RHDS 12. | 5.5 |
| 2023-02-16 | CVE-2022-39948 | Improper Certificate Validation vulnerability in Fortinet Fortios and Fortiproxy An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy) | 7.4 |
| 2023-02-16 | CVE-2022-27890 | Improper Certificate Validation vulnerability in Palantir Atlasdb It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 7.4 |
| 2023-02-16 | CVE-2022-48306 | Improper Certificate Validation vulnerability in Palantir Gotham Chat IRC Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. | 6.8 |
| 2023-02-16 | CVE-2022-48307 | Improper Certificate Validation vulnerability in Palantir Magritte-Ftp It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 3.7 |
| 2023-02-16 | CVE-2022-48308 | Improper Certificate Validation vulnerability in Palantir Sls-Logging It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 3.7 |
| 2023-02-14 | CVE-2023-22943 | Improper Certificate Validation vulnerability in Splunk products In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. | 5.3 |
| 2023-02-13 | CVE-2023-22367 | Improper Certificate Validation vulnerability in Ichiranusa Ichiran Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | 5.9 |
| 2023-02-11 | CVE-2022-34404 | Improper Certificate Validation vulnerability in Dell System Update 1.9/1.9.1 Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. | 6.0 |