CWE-599
Missing Validation of OpenSSL Certificate
Description
The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41265 | | High | 0.49 | 7.5 | 0.00 | | Aug 1, 2024 | A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function. |
| CVE-2024-41253 | | High | 0.46 | 7.1 | 0.00 | | Jul 31, 2024 | goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component. |
| CVE-2025-56146 | | Med | 0.34 | 5.3 | 0.00 | | Sep 23, 2025 | Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. |
| CVE-2026-1778 | | Med | 0.31 | 5.9 | 0.00 | | Feb 2, 2026 | Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed. |
| CVE-2026-25060 | | | 0.00 | — | 0.00 | | Feb 2, 2026 | OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf/config.go. This… |
| CVE-2024-40464 | | | 0.00 | — | 0.01 | | Jul 31, 2024 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file |
| CVE-2023-48052 | | — | 0.00 | — | 0.00 | | Nov 16, 2023 | Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. |