VYPR

CWE-295

Improper Certificate Validation

BaseDraft

Description

The product does not validate, or incorrectly validates, a certificate.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-459 · CAPEC-475

CVEs mapped to this weakness (720)

page 11 of 36
  • CVE-2017-2648MedJul 27, 2018
    risk 0.44cvss 6.8epss 0.01

    It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.

  • CVE-2017-3182MedJul 24, 2018
    risk 0.44cvss 6.8epss 0.00

    On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to…

  • CVE-2015-4100MedDec 21, 2017
    risk 0.44cvss 6.8epss 0.01

    Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."

  • CVE-2018-8034HigAug 1, 2018
    risk 0.43cvss 7.5epss 0.21

    The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

  • CVE-2026-9259MedJun 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-9258MedJun 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-23998HigMay 14, 2026
    risk 0.42cvss 7.5epss 0.00

    Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to…

  • CVE-2025-42611MedMay 5, 2026
    risk 0.42cvss 6.5epss 0.00

    RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X), among others. The vulnerability lies in shared certificate…

  • CVE-2026-32281HigApr 8, 2026
    risk 0.42cvss 7.5epss 0.00

    Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root…

  • CVE-2026-35389HigApr 6, 2026
    risk 0.42cvss 7.5epss 0.00

    Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate the certificate trust chain (checkChain: false). Any email signed with a self-signed or untrusted certificate was displayed as having a valid…

  • CVE-2026-20042MedApr 1, 2026
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are…

  • CVE-2026-27137HigMar 6, 2026
    risk 0.42cvss 7.5epss 0.01

    When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

  • CVE-2025-32057MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL…

  • CVE-2025-10548MedSep 23, 2025
    risk 0.42cvss 6.5epss 0.00

    The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious…

  • CVE-2025-35983MedJul 10, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for…

  • CVE-2025-24471MedJun 10, 2025
    risk 0.42cvss 6.5epss 0.00

    An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.

  • CVE-2025-37730MedMay 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

  • CVE-2025-23118MedMar 1, 2025
    risk 0.42cvss 6.4epss 0.00

    An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.

  • CVE-2022-27782HigJun 2, 2022
    risk 0.42cvss 7.5epss 0.03

    libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However,…

  • CVE-2018-11775HigSep 10, 2018
    risk 0.42cvss 7.4epss 0.07

    TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.