CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,400 vulnerabilities with CWE-295
CVE-2018-17215 HIGH
Postman < 6.3.0 - Information Disclosure via Improper Certificate Validation
CVSS 8.1
CVE-2018-11087 MEDIUM
Spring AMQP 1.0.0-1.7.9 and 2.0.0-2.0.5 - Improper Certificate Validation
CVSS 5.9
CVE-2018-8479 MEDIUM
Azure IoT Device Provisioning - Spoofing
CVSS 5.6
CVE-2018-15898 MEDIUM
Subsonic Music Streamer 4.4 - Improper Certificate Validation
CVSS 5.9
CVE-2018-2460 MEDIUM
SAP Business One Android 1.2 - Improper Certificate Validation
CVSS 5.9
CVE-2018-11775 HIGH
Apache ActiveMQ < 5.15.6 - Improper Certificate Validation
CVSS 7.4
CVE-2018-12608 HIGH
Docker Moby <17.06.0 - Info Disclosure
CVSS 7.5
CVE-2018-0650 HIGH
LINE MUSIC for Android 3.1.0-3.6.4 - Improper Certificate Validation
CVSS 7.4
CVE-2018-16261 MEDIUM
Pulse Secure Desktop Client 5.3RX-5.3R5 and 9.0R1 - Privilege Escalation via Dynamic Certificate Trust
CVSS 6.8
CVE-2018-1000664 MEDIUM
DSub for Subsonic <5.4.1 - Improper Certificate Validation
CVSS 5.9
CVE-2018-15476 HIGH
myStrom WiFi Switch/LED Strip/Button/Plus < 3.80, Bulb < 2.58 - Improper Certificate Validation
CVSS 8.1
CVE-2018-12829 CRITICAL
Adobe Creative Cloud Desktop <4.6.1 - Privilege Escalation
CVSS 9.8
CVE-2018-3927 MEDIUM
Samsung STH-ETH-250 Firmware 0.20.17 - Information Disclosure via Insecure HTTPS Connection to backtrace.io
CVSS 6.8
CVE-2018-8034 HIGH
Apache Tomcat <9.0.10 - Info Disclosure
CVSS 7.5
CVE-2018-10894 MEDIUM
Keycloak - Improper Certificate Validation in SAML Authentication
CVSS 5.4
CVE-2018-1999035 HIGH
Jenkins Inedo BuildMaster <1.3 - SSRF
CVSS 7.4
CVE-2018-1999034 HIGH
Jenkins Inedo ProGet Plugin <0.8 - SSRF
CVSS 7.4
CVE-2018-1999025 HIGH
Jenkins TraceTronic ECU-TEST Plugin <2.3 - SSRF
CVSS 7.4
CVE-2018-8020 HIGH
Apache Tomcat Native 1.2.0-1.2.16/1.1.23-1.1.34 - Info Disclosure
CVSS 7.4
CVE-2018-8019 HIGH
Apache Tomcat Native 1.2.0-1.2.16, 1.1.23-1.1.34 - Info Disclosure
CVSS 7.4
CVE-2018-0622 HIGH
DHC Online Shop App for Android <= 3.2.0 - Improper Certificate Validation
CVSS 7.4
CVE-2018-8356 MEDIUM
Microsoft .NET Framework - Security Feature Bypass
CVSS 5.5
CVE-2018-12461 LOW
NetIQ eDirectory <9.1.1 - Info Disclosure
CVSS 3.5
CVE-2018-12499 HIGH
Motorola MBP853 Firmware - Improper Certificate Validation
CVSS 7.4
CVE-2018-1543 MEDIUM
IBM WebSphere MQ 8.0 and 9.0 - Improper Certificate Validation
CVSS 5.9