CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,397 vulnerabilities with CWE-295
CVE-2022-33682 MEDIUM
Apache Pulsar 2.6.4 and earlier, 2.7.0-2.7.4, 2.8.0-2.8.3, 2.9.0-2.9.2, 2.10.0 - Improper Certificate Validation
CVSS 5.9
CVE-2022-33681 MEDIUM
Pulsar Java Client/Pulsar Proxy - Info Disclosure
CVSS 5.9
CVE-2022-41244 HIGH
Jenkins View26 Test-Reporting Plugin <1.0.7 - Info Disclosure
CVSS 8.1
CVE-2022-41243 HIGH
Jenkins SmallTest Plugin <1.0.4 - Info Disclosure
CVSS 8.1
CVE-2022-29908 HIGH
Fabasoft Cloud Enterprise Client 22.4.0043 - Local Privilege Escalation via folioupdate Service
CVSS 7.8
CVE-2022-34831 CRITICAL
PrimeKey EJBCA < 7.9.0 - Improper Certificate Validation via ACME Order Finalization
CVSS 9.8
CVE-2022-36173 HIGH
FreshService macOS/Linux Agent <4.4.0/<3.4.0 - Info Disclosure
CVSS 8.1
CVE-2022-1632 MEDIUM
Red Hat Ansible Automation Platform - Improper Certificate Validation
CVSS 6.5
CVE-2022-2996 HIGH
python-scciclient < 0.12.0 - Improper Certificate Validation
CVSS 7.4
CVE-2022-37437 HIGH
Splunk 9.0.0 - Improper Certificate Validation in Ingest Actions S3 Destination
CVSS 7.4
CVE-2022-34156 MEDIUM
Hulu < 3.0.81 - Improper Certificate Validation
CVSS 4.8
CVE-2022-34865 MEDIUM
BIG-IP 13.1.0-13.1.5 - Traffic Intelligence Feed Data Poisoning via Improper Certificate Validation
CVSS 4.8
CVE-2022-31183 CRITICAL
fs2-io < - SSL Verification Bypass
CVSS 9.1
CVE-2022-1805 HIGH
Tera2 PCoIP Zero Client Firmware < 22.01.5 - Improper Certificate Validation
CVSS 8.1
CVE-2022-36881 HIGH
Jenkins Git client Plugin <= 3.11.0 - SSH Host Key Verification Bypass
CVSS 8.1
CVE-2022-26305 HIGH
LibreOffice 7.2.0-7.2.6 - Improper Certificate Validation for Macro Signatures
CVSS 7.5
CVE-2022-20860 HIGH
Cisco Nexus Dashboard 1.1-2.2(1h) - Unauthenticated Man-in-the-Middle via SSL Certificate Validation Bypass
CVSS 7.4
CVE-2022-32210 MEDIUM
Undici 4.8.2-5.5.0 - Improper Certificate Validation in ProxyAgent
CVSS 6.5
CVE-2022-31105 HIGH
Argo CD <2.2.11-2.4.5 - Improper Certificate Validation
CVSS 8.3
CVE-2022-20813 CRITICAL
Cisco Expressway and TelePresence VCS < X14.0.7 - Arbitrary File Overwrite and Null Byte Poisoning
CVSS 9.0
CVE-2022-31083 HIGH
Parse Server <4.10.11, <5.2.2 - Auth Bypass
CVSS 8.6
CVE-2022-32156 HIGH
Splunk Enterprise and Universal Forwarder < 9.0 - Improper Certificate Validation in CLI
CVSS 8.1
CVE-2022-32153 HIGH
Splunk Enterprise <9.0-8.2.2203 - Privilege Escalation
CVSS 8.1
CVE-2022-32152 HIGH
Splunk Enterprise < 9.0 & Splunk Cloud Platform < 8.2.2203 - Improper Certificate Validation
CVSS 8.1
CVE-2022-32151 HIGH
Splunk < 9.0 and Splunk Cloud Platform < 8.2.2203 - Improper Certificate Validation
CVSS 7.4