CWE-599
Missing Validation of OpenSSL Certificate
Variant | Incomplete
Description
The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41265 | High | 0.49 | 7.5 | 0.00 | | Aug 1, 2024 | A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function. |
| CVE-2024-41253 | High | 0.46 | 7.1 | 0.00 | | Jul 31, 2024 | goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component. |
| CVE-2025-56146 | Medium | 0.34 | 5.3 | 0.00 | | Sep 23, 2025 | Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. |