CWE-295
Improper Certificate Validation
BaseDraft
Description
The product does not validate, or incorrectly validates, a certificate.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-459 · CAPEC-475
CVEs mapped to this weakness (377)
page 5 of 19| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8231 | Hig | 0.49 | 7.5 | 0.00 | Jun 4, 2017 | In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | |
| CVE-2016-3083 | Hig | 0.49 | 7.5 | 0.00 | May 30, 2017 | Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through. | |
| CVE-2017-2498 | Hig | 0.49 | 7.5 | 0.00 | May 22, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. | |
| CVE-2017-0248 | Hig | 0.49 | 7.5 | 0.01 | May 12, 2017 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | |
| CVE-2016-1132 | Hig | 0.49 | 7.5 | 0.00 | Apr 13, 2017 | Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | |
| CVE-2017-7192 | Hig | 0.49 | 7.5 | 0.00 | Apr 6, 2017 | WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | |
| CVE-2017-5887 | Hig | 0.49 | 7.5 | 0.00 | Apr 6, 2017 | WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | |
| CVE-2015-4680 | Hig | 0.49 | 7.5 | 0.00 | Apr 5, 2017 | FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |
| CVE-2013-7450 | Hig | 0.49 | 7.5 | 0.00 | Apr 3, 2017 | Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations. | |
| CVE-2017-0129 | Hig | 0.49 | 7.5 | 0.02 | Mar 17, 2017 | Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability." | |
| CVE-2015-2330 | Hig | 0.49 | 7.5 | 0.00 | Mar 10, 2017 | Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | |
| CVE-2016-7662 | Hig | 0.49 | 7.5 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors. | |
| CVE-2015-0534 | Hig | 0.49 | 7.5 | 0.01 | Aug 20, 2015 | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275. | |
| CVE-2009-3046 | Hig | 0.49 | 7.5 | 0.00 | Sep 2, 2009 | Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate. | |
| CVE-2009-0265 | Hig | 0.49 | 7.5 | 0.00 | Jan 26, 2009 | Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. | |
| CVE-2026-41132 | Hig | 0.48 | 7.4 | 0.00 | May 13, 2026 | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in 2.10.10 and 2.11.5. | |
| CVE-2026-41872 | Hig | 0.48 | 7.4 | 0.00 | May 12, 2026 | "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server. | |
| CVE-2026-7821 | Hig | 0.48 | 7.4 | 0.00 | May 7, 2026 | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity. | |
| CVE-2026-42011 | Hig | 0.48 | 7.4 | 0.00 | May 7, 2026 | A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems. | |
| CVE-2026-35560 | Hig | 0.48 | 7.4 | 0.00 | Apr 3, 2026 | Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0. |