VYPR

CWE-599

Missing Validation of OpenSSL Certificate

Variant · Incomplete

Description

The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (7)

  • CVE-2024-41265 · High · Aug 1, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.

  • CVE-2024-41253 · High · Jul 31, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component.

  • CVE-2025-56146 · Medium · Sep 23, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity.

  • CVE-2026-1778 · Medium · Feb 2, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.

  • CVE-2026-25060 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.00

    OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf/config.go. This…

  • CVE-2024-40464 · Jul 31, 2024
    risk 0.00 · cvss · epss 0.01

    An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in the beego/core/logs/smtp.go file.

  • CVE-2023-48052 · Nov 16, 2023
    risk 0.00 · cvss · epss 0.00

    Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.