CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,400 vulnerabilities with CWE-295
CVE-2021-22131 MEDIUM
FortiToken Mobile <= 5.0.3 (Android), <= 5.2.0 (iOS), <= 4.0.3 (Windows) - Improper Certificate Validation
CVSS 6.4
CVE-2021-29726 MEDIUM
IBM Sterling Secure Proxy 6.0.3 and Secure External Authentication Server 6.0.3 - Improper Certificate Validation
CVSS 5.3
CVE-2021-27768 MEDIUM
HCL Verse < 12.0.9 - Improper Certificate Validation
CVSS 6.3
CVE-2021-3898 MEDIUM
Motorola Ready For and Device Help < 2021-04-08 - Improper Certificate Validation
CVSS 6.8
CVE-2021-45490 CRITICAL
3CX < 18.0.4, < 18.0.11, < 2022-03-17 - Improper Certificate Validation
CVSS 9.1
CVE-2021-3618 HIGH
F5 NGINX < 1.21.0 - Improper Certificate Validation
CVSS 7.4
CVE-2021-3698 HIGH
Cockpit < 260 - Improper Certificate Validation via SSSD
CVSS 7.5
CVE-2021-42017 MEDIUM
Siemens RUGGEDCOM ROS - Improper Certificate Validation via CBC Encryption Mode
CVSS 5.9
CVE-2021-44533 MEDIUM
Node.js Certificate Validation Flaw via Multi-Value RDN
CVSS 5.3
CVE-2021-44532 MEDIUM
Node.js < 12.22.9, < 14.18.3, < 16.13.2, < 17.3.1 - Code Injection
CVSS 5.3
CVE-2021-44531 HIGH
Node.js < 12.22.9, < 14.18.3, < 16.13.2, < 17.3.1 - Improper Certificate Validation via URI SAN Type
CVSS 7.4
CVE-2021-25636 HIGH
LibreOffice 7.2.0-7.2.4 - Improper Certificate Validation via Manipulated KeyInfo Tag
CVSS 7.5
CVE-2021-29656 CRITICAL
Pexip Infinity Connect < 1.8.0 - Improper Certificate Validation
CVSS 9.8
CVE-2021-21959 HIGH
Sealevel SeaConnect 370W v1.3.34 - Improper Certificate Validation in MQTTS
CVSS 8.1
CVE-2021-40855 CRITICAL
Europa Technical Specifications For Digital Covid Certificates < 1.1 - Improper Certificate Validation
CVSS 9.8
CVE-2021-44273 HIGH
e2guardian 5.4.0-5.4.3r - Missing SSL Certificate Validation in MITM Engine
CVSS 7.4
CVE-2021-41028 HIGH
FortiClientEMS <7.0.1-6.4.6 - Man-in-the-Middle
CVSS 8.2
CVE-2021-43882 CRITICAL
Microsoft Defender for IoT < 10.5.3 - Remote Code Execution via Improper Certificate Validation
CVSS 9.0
CVE-2021-44549 HIGH
Apache Sling Commons Messaging Mail < 2.0 - Improper Certificate Validation
CVSS 7.4
CVE-2021-42027 HIGH
SINUMERIK Edge < 3.2 - Improper Certificate Validation
CVSS 7.4
CVE-2021-31747 MEDIUM
Pluck 4.7.15 - Improper Certificate Validation in update_applet.php
CVSS 4.8
CVE-2021-34599 HIGH
CODESYS Git < 1.1.0.0 - Improper Certificate Validation
CVSS 7.4
CVE-2021-40831 MEDIUM
AWS IoT Device SDK - Info Disclosure
CVSS 6.3
CVE-2021-40830 MEDIUM
AWS IoT Device SDK v2 < 1.5.0/1.5.3/1.6.1/1.12.7 - Improper Certificate Validation
CVSS 6.3
CVE-2021-40829 MEDIUM
AWS IoT Device SDK v2 Certificate Validation Flaw on macOS
CVSS 6.3