CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,400 vulnerabilities with CWE-295
CVE-2021-40828 MEDIUM
AWS IoT Device SDK v2 < 1.3.3/1.5.18/1.12.7/1.5.3 - Improper Certificate Validation on Windows
CVSS 6.3
CVE-2021-3935 HIGH
pgbouncer < 1.16.1 - SQL Injection via Man-in-the-Middle Attack on Cert Authentication
CVSS 8.1
CVE-2021-23167 HIGH
Gallagher Command Centre <8.50.2048-8.50 - Info Disclosure
CVSS 8.1
CVE-2021-23162 HIGH
Gallagher Command Centre Mobile Connect <15.04.040 - Man-in-the-middle
CVSS 7.7
CVE-2021-23155 CRITICAL
Gallagher Command Centre Mobile Client <8.60.065 - Man-in-the-middle
CVSS 9.0
CVE-2021-26320 MEDIUM
AMD EPYC Firmware - Denial of Service via Insufficient ASK Validation in SEND_START Command
CVSS 5.5
CVE-2021-41019 LOW
FortiOS < 6.4.6 - Improper Certificate Validation via LDAP Server Connection
CVSS 3.5
CVE-2021-29737 HIGH
IBM InfoSphere Information Server 11.7 - Improper Certificate Validation in Data Flow Designer Engine
CVSS 7.5
CVE-2021-22278 MEDIUM
ABB Update Manager 2.7-<2.10 - Improper Certificate Validation
CVSS 6.7
CVE-2021-36756 MEDIUM
CFEngine 3.15.0-3.15.4 - Improper Certificate Validation
CVSS 6.5
CVE-2021-41611 HIGH
Squid 5.0.6-5.1.x - Improper Certificate Validation
CVSS 7.5
CVE-2021-20833 HIGH
SNKRDUNK Market Place App <2.2.0 - SSL/TLS Man-In-The-Middle
CVSS 7.4
CVE-2021-25634 HIGH
LibreOffice 7.0.0-7.0.5 and 7.1.0-7.1.1 - Improper Certificate Validation in ODF Document Signature Verification
CVSS 7.5
CVE-2021-25633 HIGH
LibreOffice 7.0.0-7.0.5 and 7.1.0-7.1.1 - Improper Certificate Validation via Manipulated Document Signatures
CVSS 7.5
CVE-2021-35497 HIGH
TIBCO ActiveSpaces/TIBCO FTL <version> - RCE
CVSS 7.5
CVE-2021-40713 MEDIUM
Adobe Experience Manager <6.5.9.0 - Info Disclosure
CVSS 5.9
CVE-2021-33907 CRITICAL
Zoom Meetings < 5.3.0 - Remote Code Execution via Improper Certificate Validation
CVSS 9.8
CVE-2021-38864 HIGH
IBM Security Verify Bridge <1.0.5.0 - Info Disclosure
CVSS 7.5
CVE-2021-20435 MEDIUM
IBM Security Verify Bridge <1.0.5.0 - Info Disclosure
CVSS 5.5
CVE-2021-33695 CRITICAL
SAP Cloud Connector <2.0 - Info Disclosure
CVSS 9.1
CVE-2021-1837 MEDIUM
iPadOS < 14.5 - Certificate Validation Issue
CVSS 5.3
CVE-2021-37219 HIGH
HashiCorp Consul <1.8.15, 1.10.1 - Privilege Escalation via Raft RPC Layer
CVSS 8.8
CVE-2021-37218 HIGH
HashiCorp Nomad < 1.0.10 - Privilege Escalation via Raft RPC Layer
CVSS 8.8
CVE-2021-27018 HIGH
Puppet Remediate < 2.0.1 - Improper Certificate Validation
CVSS 7.5
CVE-2021-39365 MEDIUM
GNOME grilo <= 0.3.13 - Improper Certificate Validation in SoupSessionAsync
CVSS 5.9