Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-PM3J-6F7C-8V2Q

Vulnerability from github – Published: 2025-01-10 18:31 – Updated: 2025-01-13 21:30
VLAI
Details

Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-10T17:15:17Z",
    "severity": "HIGH"
  },
  "details": "Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.",
  "id": "GHSA-pm3j-6f7c-8v2q",
  "modified": "2025-01-13T21:30:52Z",
  "published": "2025-01-10T18:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21551"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54848"
    },
    {
      "type": "WEB",
      "url": "https://capec.mitre.org/data/definitions/233"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yashodhanvivek/CP-VNR-3104-NVR-Vulnerabilties/blob/main/CPPlus_CP-VNR-3104_Security_Assessment.pdf"
    },
    {
      "type": "WEB",
      "url": "https://payatu.com/blog/solving-the-problem-of-encrypted-firmware"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PM77-C4Q7-3FWJ

Vulnerability from github – Published: 2021-10-12 16:31 – Updated: 2021-10-08 22:58
VLAI
Summary
Improper Certificate Validation in Heartland & Global Payments PHP SDK
Details

Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "globalpayments/php-sdk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-20455"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-08T22:58:55Z",
    "nvd_published_at": "2020-02-14T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Gateways/Gateway.php in Heartland \u0026 Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.",
  "id": "GHSA-pm77-c4q7-3fwj",
  "modified": "2021-10-08T22:58:55Z",
  "published": "2021-10-12T16:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20455"
    },
    {
      "type": "WEB",
      "url": "https://github.com/globalpayments/php-sdk/pull/8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/globalpayments/php-sdk/pull/8/commits/c86e18f28c5eba0d6ede7d557756d978ea83d3c9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/globalpayments/php-sdk"
    },
    {
      "type": "WEB",
      "url": "https://github.com/globalpayments/php-sdk/compare/1.3.3...2.0.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/globalpayments/php-sdk/releases/tag/2.0.0"
    },
    {
      "type": "WEB",
      "url": "https://winterdragon.ca/global-payments-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Certificate Validation in Heartland \u0026 Global Payments PHP SDK"
}

GHSA-PM7C-VG9H-JXXC

Vulnerability from github – Published: 2022-05-02 03:35 – Updated: 2024-02-14 18:30
VLAI
Details

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-2408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-07-30T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.",
  "id": "GHSA-pm7c-vg9h-jxxc",
  "modified": "2024-02-14T18:30:24Z",
  "published": "2022-05-02T03:35:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2408"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/810-2"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.html?storyid=7003"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/56723"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36088"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36125"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36139"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36157"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36434"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36669"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37098"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1874"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:217"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022632"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-810-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2085"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "type": "WEB",
      "url": "http://www.wired.com/threatlevel/2009/07/kaminsky"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PMG3-799Q-7MHW

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3309"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,",
  "id": "GHSA-pmg3-799q-7mhw",
  "modified": "2022-05-24T17:40:24Z",
  "published": "2022-05-24T17:40:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3309"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wekan/wekan/issues/3482"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wekan/wekan/pull/3483/commits/31f89121fecca5a761b05cc3a26d4f237e90b484"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wekan/wekan/releases/tag/v4.87"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PPFQ-JG49-MQJ4

Vulnerability from github – Published: 2025-05-28 09:31 – Updated: 2025-05-28 15:34
VLAI
Details

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-28T07:15:24Z",
    "severity": "MODERATE"
  },
  "details": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.",
  "id": "GHSA-ppfq-jg49-mqj4",
  "modified": "2025-05-28T15:34:32Z",
  "published": "2025-05-28T09:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4947"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3150884"
    },
    {
      "type": "WEB",
      "url": "https://curl.se/docs/CVE-2025-4947.html"
    },
    {
      "type": "WEB",
      "url": "https://curl.se/docs/CVE-2025-4947.json"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/05/28/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PPG5-72HH-9JJ4

Vulnerability from github – Published: 2022-05-14 01:17 – Updated: 2022-05-14 01:17
VLAI
Details

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-31T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.",
  "id": "GHSA-ppg5-72hh-9jj4",
  "modified": "2022-05-14T01:17:01Z",
  "published": "2022-05-14T01:17:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15698"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0465"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0466"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4118"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040390"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PPP5-CF3C-5M4P

Vulnerability from github – Published: 2022-05-14 02:57 – Updated: 2025-04-20 03:39
VLAI
Details

The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-16T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-ppp5-cf3c-5m4p",
  "modified": "2025-04-20T03:39:12Z",
  "published": "2022-05-14T02:57:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9571"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PQPC-HHGR-P436

Vulnerability from github – Published: 2025-08-05 15:30 – Updated: 2025-08-05 18:30
VLAI
Details

A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-44964"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-05T15:15:29Z",
    "severity": "LOW"
  },
  "details": "A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.",
  "id": "GHSA-pqpc-hhgr-p436",
  "modified": "2025-08-05T18:30:43Z",
  "published": "2025-08-05T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44964"
    },
    {
      "type": "WEB",
      "url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44964"
    },
    {
      "type": "WEB",
      "url": "http://bluestacks.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PQR7-9QQQ-HRH5

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-28T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.",
  "id": "GHSA-pqr7-9qqq-hrh5",
  "modified": "2022-05-13T01:31:21Z",
  "published": "2022-05-13T01:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1757"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107617"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PQW9-FPR2-R45X

Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-12 12:00
VLAI
Details

An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-pqw9-fpr2-r45x",
  "modified": "2022-10-12T12:00:25Z",
  "published": "2022-10-11T12:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41747"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000291645"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1402"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.