Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2023-10-26 CVE-2023-31421 Improper Certificate Validation vulnerability in Elastic products
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed.
network
low complexity
elastic CWE-295
7.5
2023-10-25 CVE-2023-31580 Improper Certificate Validation vulnerability in Networknt Light-Oauth2
light-oauth2 before version 2.1.27 obtains the public key without any verification.
network
high complexity
networknt CWE-295
5.9
2023-10-17 CVE-2022-3761 Improper Certificate Validation vulnerability in Openvpn Connect
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allow man-in-the-middle attackers to intercept configuration profile download requests, which contain the user's credentials.
network
high complexity
openvpn CWE-295
5.9
2023-10-17 CVE-2022-43892 Improper Certificate Validation vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate, which could disclose sensitive information that could aid further attacks against the system.
network
low complexity
ibm CWE-295
5.3
2023-10-17 CVE-2022-22380 Improper Certificate Validation vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates.
network
low complexity
ibm CWE-295
4.3
2023-10-16 CVE-2023-5422 Improper Certificate Validation vulnerability in Otrs
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication.
network
low complexity
otrs CWE-295
critical
9.1
2023-10-13 CVE-2023-4499 Improper Certificate Validation vulnerability in HP Thinupdate
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure.
network
low complexity
hp CWE-295
7.5
2023-10-12 CVE-2023-5554 Improper Certificate Validation vulnerability in Linecorp Line
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.
network
low complexity
linecorp CWE-295
critical
9.8
2023-10-09 CVE-2023-45613 Improper Certificate Validation vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.5, server certificates were not verified.
network
low complexity
jetbrains CWE-295
critical
9.1
2023-10-04 CVE-2023-2422 Improper Certificate Validation vulnerability in Redhat products
A flaw was found in Keycloak.
network
low complexity
redhat CWE-295
7.1