CWE-295
Improper Certificate Validation
Description
The product does not validate, or incorrectly validates, a certificate.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-459 · CAPEC-475
CVEs mapped to this weakness (720)
page 26 of 36| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1509 | Low | 0.24 | 3.7 | 0.01 | Oct 2, 2018 | IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a… | ||
| CVE-2016-2922 | Low | 0.24 | 3.7 | 0.01 | Aug 13, 2018 | IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to… | ||
| CVE-2017-15528 | Low | 0.24 | 3.7 | 0.01 | Nov 22, 2017 | Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target. | ||
| CVE-2016-1000033 | Low | 0.24 | 3.7 | 0.01 | Oct 25, 2016 | Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | ||
| CVE-2018-12461 | Low | 0.23 | 3.5 | 0.00 | Jul 10, 2018 | Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. | ||
| CVE-2025-69412 | Low | 0.22 | 3.4 | 0.00 | Jan 1, 2026 | KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration. | ||
| CVE-2025-65083 | Low | 0.21 | 3.2 | 0.00 | Nov 17, 2025 | GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to… | ||
| CVE-2024-48460 | Med | 0.21 | 4.3 | 0.00 | Jan 16, 2025 | An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails. | ||
| CVE-2025-6026 | Low | 0.20 | 3.1 | 0.00 | Oct 15, 2025 | An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data. | ||
| CVE-2025-23390 | med | 0.19 | — | 0.00 | Apr 25, 2025 | ### Impact A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the `known_hosts` file. This could allow the execution of a… | ||
| CVE-2024-42186 | Low | 0.18 | 2.8 | 0.00 | Jan 23, 2025 | BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation. | ||
| CVE-2024-12174 | Low | 0.18 | 2.7 | 0.00 | Dec 9, 2024 | An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server. | ||
| CVE-2024-4786 | Low | 0.18 | 2.8 | 0.00 | Jul 26, 2024 | An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on. | ||
| CVE-2026-42791 | Low | 0.17 | 3.7 | 0.00 | May 27, 2026 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and… | ||
| CVE-2020-9488 | Low | 0.17 | 3.7 | 0.08 | Apr 27, 2020 | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 | ||
| CVE-2016-9015 | Low | 0.17 | 3.7 | 0.01 | Jan 11, 2017 | Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information… | ||
| CVE-2026-0872 | Low | 0.16 | — | 0.00 | Feb 13, 2026 | Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2. | ||
| CVE-2026-39388 | Low | 0.13 | 3.1 | 0.00 | Apr 21, 2026 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` is set, attempts to verify the current request's presented mTLS certificate… | ||
| CVE-2026-0233 | Low | 0.13 | — | 0.00 | Apr 13, 2026 | A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. | ||
| CVE-2026-0228 | Low | 0.08 | — | 0.00 | Feb 11, 2026 | An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so. |
- risk 0.24cvss 3.7epss 0.01
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a…
- risk 0.24cvss 3.7epss 0.01
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to…
- risk 0.24cvss 3.7epss 0.01
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.
- risk 0.24cvss 3.7epss 0.01
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
- risk 0.23cvss 3.5epss 0.00
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
- risk 0.22cvss 3.4epss 0.00
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
- risk 0.21cvss 3.2epss 0.00
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to…
- risk 0.21cvss 4.3epss 0.00
An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails.
- risk 0.20cvss 3.1epss 0.00
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.
- risk 0.19cvss —epss 0.00
### Impact A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the `known_hosts` file. This could allow the execution of a…
- risk 0.18cvss 2.8epss 0.00
BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation.
- risk 0.18cvss 2.7epss 0.00
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.
- risk 0.18cvss 2.8epss 0.00
An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on.
- risk 0.17cvss 3.7epss 0.00
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and…
- risk 0.17cvss 3.7epss 0.08
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
- risk 0.17cvss 3.7epss 0.01
Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information…
- risk 0.16cvss —epss 0.00
Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.
- risk 0.13cvss 3.1epss 0.00
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` is set, attempts to verify the current request's presented mTLS certificate…
- risk 0.13cvss —epss 0.00
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
- risk 0.08cvss —epss 0.00
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.