CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-QGG7-QHJR-6JH4
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1277"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T20:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests.\n These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device.\n For more information about these vulnerabilities, see the Details section of this advisory.\n ",
"id": "GHSA-qgg7-qhjr-6jh4",
"modified": "2022-05-24T17:39:39Z",
"published": "2022-05-24T17:39:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1277"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QGP8-H5CP-R75R
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2023-10-26 23:06Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation for connections to the HP ALM service.
Bumblebee HP ALM Plugin no longer does that. Instead, it now allows users to opt out of certificate validation.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.3"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:bumblebee"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10444"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-26T23:06:14Z",
"nvd_published_at": "2019-10-16T14:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation for connections to the HP ALM service.\n\nBumblebee HP ALM Plugin no longer does that. Instead, it now allows users to opt out of certificate validation.",
"id": "GHSA-qgp8-h5cp-r75r",
"modified": "2023-10-26T23:06:14Z",
"published": "2022-05-24T16:58:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10444"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1481"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation"
}
GHSA-QGWM-W55F-GCC4
Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2022-05-14 01:10The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2018-0650"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-07T14:29:00Z",
"severity": "HIGH"
},
"details": "The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-qgwm-w55f-gcc4",
"modified": "2022-05-14T01:10:43Z",
"published": "2022-05-14T01:10:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0650"
},
{
"type": "WEB",
"url": "https://linecorp.com/en/security/article/182"
},
{
"type": "WEB",
"url": "https://play.google.com/store/apps/details?id=jp.linecorp.linemusic.android\u0026hl=en"
},
{
"type": "WEB",
"url": "http://jvn.jp/en/jp/JVN16933564/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QH2X-HPF9-CF2G
Vulnerability from github – Published: 2022-05-05 00:28 – Updated: 2024-05-02 13:26HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "python-keystoneclient"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "cinder"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0a0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "neutron"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0a0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "keystone"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0a0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-2255"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-02T13:26:09Z",
"nvd_published_at": "2019-11-01T19:15:00Z",
"severity": "MODERATE"
},
"details": "HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.",
"id": "GHSA-qh2x-hpf9-cf2g",
"modified": "2024-05-02T13:26:09Z",
"published": "2022-05-05T00:28:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2255"
},
{
"type": "WEB",
"url": "https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a"
},
{
"type": "WEB",
"url": "https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d"
},
{
"type": "WEB",
"url": "https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911"
},
{
"type": "WEB",
"url": "https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2013-2255"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ossn/+bug/1188189"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85562"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2255"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenStack Keystone and other components vulnerable to Improper Certificate Validation"
}
GHSA-QJH3-8FPH-X9WJ
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1471"
],
"database_specific": {
"cwe_ids": [
"CWE-170",
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-24T20:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",
"id": "GHSA-qjh3-8fph-x9wj",
"modified": "2022-05-24T17:45:16Z",
"published": "2022-05-24T17:45:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1471"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QJQ7-2MHQ-R456
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.
{
"affected": [],
"aliases": [
"CVE-2018-7234"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-09T23:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in Schneider Electric\u0027s Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.",
"id": "GHSA-qjq7-2mhq-r456",
"modified": "2022-05-13T01:04:05Z",
"published": "2022-05-13T01:04:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7234"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QJQW-554M-3G9J
Vulnerability from github – Published: 2024-06-11 15:31 – Updated: 2024-08-15 21:31A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity.
{
"affected": [],
"aliases": [
"CVE-2024-28021"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T14:15:10Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message \nqueueing mechanism\u2019s certificate validation. If exploited an at\u0002tacker could spoof a trusted entity causing a loss of confidentiality \nand integrity.",
"id": "GHSA-qjqw-554m-3g9j",
"modified": "2024-08-15T21:31:19Z",
"published": "2024-06-11T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28021"
},
{
"type": "WEB",
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
},
{
"type": "WEB",
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QMF5-RQPH-925F
Vulnerability from github – Published: 2022-05-17 02:44 – Updated: 2025-04-20 03:37The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-8937"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-15T18:29:00Z",
"severity": "MODERATE"
},
"details": "The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-qmf5-rqph-925f",
"modified": "2025-04-20T03:37:44Z",
"published": "2022-05-17T02:44:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8937"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QMPX-7MR8-9WHR
Vulnerability from github – Published: 2023-04-10 21:30 – Updated: 2023-04-21 18:30A user with a compromised configuration can start an unsigned binary as a service.
{
"affected": [],
"aliases": [
"CVE-2023-28093"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-10T21:15:00Z",
"severity": "HIGH"
},
"details": "A user with a compromised configuration can start an unsigned binary as a service.",
"id": "GHSA-qmpx-7mr8-9whr",
"modified": "2023-04-21T18:30:23Z",
"published": "2023-04-10T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28093"
},
{
"type": "WEB",
"url": "https://support.pega.com/support-doc/pega-security-advisory-b23-robotics-and-workforce-intelligence-local-privilege"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QP68-WJ26-PFPF
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
{
"affected": [],
"aliases": [
"CVE-2022-21170"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:45:00Z",
"severity": "MODERATE"
},
"details": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.",
"id": "GHSA-qp68-wj26-pfpf",
"modified": "2022-03-17T00:01:32Z",
"published": "2022-03-11T00:02:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21170"
},
{
"type": "WEB",
"url": "https://download.daj.co.jp/user/dspa/V3"
},
{
"type": "WEB",
"url": "https://download.daj.co.jp/user/dspa/V4"
},
{
"type": "WEB",
"url": "https://download.daj.co.jp/user/ifb"
},
{
"type": "WEB",
"url": "https://download.daj.co.jp/user/ifilter/V10"
},
{
"type": "WEB",
"url": "https://download.daj.co.jp/user/ifilter/V9"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.