Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2022-24320 Improper Certificate Validation vulnerability in Schneider-Electric products
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA database server are intercepted.
network
high complexity
schneider-electric CWE-295
5.9
2022-02-04 CVE-2021-21959 Improper Certificate Validation vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34
A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc.
network
high complexity
sealevel CWE-295
8.1
2022-01-21 CVE-2021-40855 Improper Certificate Validation vulnerability in Europa Technical Specifications for Digital Covid Certificates 1.0
The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance.
network
low complexity
europa CWE-295
critical
9.8
2021-12-23 CVE-2021-44273 Improper Certificate Validation vulnerability in E2Bn E2Guardian
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine.
network
high complexity
e2bn CWE-295
7.4
2021-12-16 CVE-2021-41028 Improper Certificate Validation vulnerability in Fortinet products
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
high complexity
fortinet CWE-295
7.5
2021-12-15 CVE-2021-43882 Improper Certificate Validation vulnerability in Microsoft Defender for IOT
Microsoft Defender for IoT Remote Code Execution Vulnerability
network
low complexity
microsoft CWE-295
critical
9.8
2021-12-14 CVE-2021-44549 Improper Certificate Validation vulnerability in Apache Sling Commons Messaging Mail 1.0.0
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS.
network
high complexity
apache CWE-295
7.4
2021-12-13 CVE-2020-4496 Improper Certificate Validation vulnerability in IBM Spectrum Protect Plus
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation.
network
high complexity
ibm CWE-295
5.9
2021-12-10 CVE-2021-31747 Improper Certificate Validation vulnerability in Pluck-Cms Pluck 4.7.15
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.
network
high complexity
pluck-cms CWE-295
4.8
2021-11-23 CVE-2021-40828 Improper Certificate Validation vulnerability in Amazon products
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows.
low complexity
amazon CWE-295
8.8