CWE-295— Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.— MITRE CWE catalog
1,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-295page 10 of 25
- CVE-2020-9525HIGHCVSS 8.1EG 8.12020-08-10
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio st…
- CVE-2020-9868CRITICALCVSS 9.1EG 9.12020-10-22
A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, w…
- CVE-2021-0341HIGHCVSS 7.5EG 7.52021-02-10
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges need…
- CVE-2021-1134HIGHCVSS 7.4EG 7.42021-06-29
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an …
- CVE-2021-1276HIGHCVSS 7.5EG 7.52021-01-20
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilit…
- CVE-2021-1277HIGHCVSS 7.5EG 7.52021-01-20
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilit…
- CVE-2021-1354MEDIUMCVSS 4.3EG 4.32021-02-04
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulner…
- CVE-2021-1471CRITICALCVSS 9.9EG 9.92021-03-24
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access s…
- CVE-2021-1566HIGHCVSS 7.4EG 7.42021-06-16
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to in…
- CVE-2021-1837MEDIUMCVSS 5.3EG 5.32021-09-08
A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic.
- CVE-2021-20109HIGHCVSS 7.5EG 7.52021-07-19
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request …
- CVE-2021-20110CRITICALCVSS 9.8EG 9.82021-07-19
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a…
- CVE-2021-20230HIGHCVSS 7.5EG 7.52021-02-23
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authorit…
- CVE-2021-20327MEDIUMCVSS 6.4EG 6.42021-02-25
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result …
- CVE-2021-20328MEDIUMCVSS 6.4EG 6.42021-02-25
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network posi…
- CVE-2021-20435MEDIUMCVSS 5.5EG 5.52021-09-23
IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.
- CVE-2021-20649MEDIUMCVSS 4.8EG 4.82021-02-12
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.
- CVE-2021-20695HIGHCVSS 8.8EG 8.82021-04-26
Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors.
- CVE-2021-20732MEDIUMCVSS 5.9EG 5.92021-06-09
The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted …
- CVE-2021-20833HIGHCVSS 7.4EG 7.42021-10-13
The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted communication via a crafted certificate.
- CVE-2021-20989MEDIUMCVSS 5.9EG 5.92021-04-19
Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack…
- CVE-2021-21373HIGHCVSS 7.5EG 7.52021-03-26
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS U…
- CVE-2021-21374HIGHCVSS 8.1EG 8.12021-03-26
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due …
- CVE-2021-21385HIGHCVSS 8.8EG 8.82021-03-24
Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted an…
- CVE-2021-21548HIGHCVSS 7.4EG 7.42023-03-17
Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticate…
- CVE-2021-21559HIGHCVSS 7.1EG 7.12021-06-08
Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to c…
- CVE-2021-21571MEDIUMCVSS 5.9EG 5.92021-06-24
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-…
- CVE-2021-21959HIGHCVSS 8.1EG 8.12022-02-04
A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality.
- CVE-2021-22131MEDIUMCVSS 6.4EG 5.42022-07-18
A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve in…
- CVE-2021-22138LOWCVSS 3.7EG 3.12021-05-13
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returne…
- CVE-2021-22189MEDIUMCVSS 5.9EG 5.92021-03-04
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
- CVE-2021-22218LOWCVSS 2.6EG 2.62021-06-08
All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could …
- CVE-2021-22278MEDIUMCVSS 6.7EG 6.72021-10-28
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.
- CVE-2021-22511MEDIUMCVSS 6.5EG 6.52021-04-08
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/T…
- CVE-2021-22895MEDIUMCVSS 5.9EG 5.92021-06-11
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.
- CVE-2021-22909HIGHCVSS 7.5EG 7.52021-05-27
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.
- CVE-2021-22926HIGHCVSS 7.5EG 7.52021-08-05
libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library S…
- CVE-2021-22939MEDIUMCVSS 5.3EG 5.32021-08-16
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
- CVE-2021-23155CRITICALCVSS 9.0EG 6.82021-11-18
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions p…
- CVE-2021-23162HIGHCVSS 7.7EG 7.72021-11-18
Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions p…
- CVE-2021-23167HIGHCVSS 8.1EG 8.12021-11-18
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (M…
- CVE-2021-24012MEDIUMCVSS 6.5EG 6.52021-06-02
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
- CVE-2021-25633HIGHCVSS 7.5EG 7.52021-10-11
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Valida…
- CVE-2021-25634HIGHCVSS 7.5EG 7.52021-10-12
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Valida…
- CVE-2021-25635MEDIUMCVSS 5.5EG 5.52025-03-21
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to Li…
- CVE-2021-25636HIGHCVSS 7.5EG 7.52022-02-24
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Valida…
- CVE-2021-26320MEDIUMCVSS 5.5EG 5.52021-11-16
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
- CVE-2021-26911HIGHCVSS 7.4EG 7.42021-02-17
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
- CVE-2021-27018HIGHCVSS 7.5EG 7.52021-08-30
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured t…
- CVE-2021-27098HIGHCVSS 8.1EG 8.12021-03-05
In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a U…
Map vulnerabilities like CWE-295 to your infrastructure
EchelonGraph correlates every CVE — across CWE-295 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →