CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1906 vulnerabilities reference this CWE, most recent first.
GHSA-RCXG-WQW2-89WF
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2024-02-15 21:31A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.
{
"affected": [],
"aliases": [
"CVE-2021-22909"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-300"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-27T12:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.",
"id": "GHSA-rcxg-wqw2-89wf",
"modified": "2024-02-15T21:31:25Z",
"published": "2022-05-24T19:03:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22909"
},
{
"type": "WEB",
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-018-018/cfa1566b-4bf8-427b-8cc7-8cffba3a93a4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF3F-3P37-2QH4
Vulnerability from github – Published: 2022-09-02 00:01 – Updated: 2024-11-26 18:51A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "python-scciclient"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-2996"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T18:34:47Z",
"nvd_published_at": "2022-09-01T18:15:00Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server\u0027s certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.",
"id": "GHSA-rf3f-3p37-2qh4",
"modified": "2024-11-26T18:51:57Z",
"published": "2022-09-02T00:01:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2996"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack-archive/python-scciclient"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/python-scciclient/PYSEC-2022-43152.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00006.html"
},
{
"type": "WEB",
"url": "https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "python-scciclient vulnerable to Man-in-the-middle (MITM) attacks"
}
GHSA-RFG6-P6Q6-8FRJ
Vulnerability from github – Published: 2024-01-19 21:30 – Updated: 2024-01-19 21:30A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.
{
"affected": [],
"aliases": [
"CVE-2023-6043"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-19T20:15:12Z",
"severity": "HIGH"
},
"details": "A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.",
"id": "GHSA-rfg6-p6q6-8frj",
"modified": "2024-01-19T21:30:36Z",
"published": "2024-01-19T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6043"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-144736"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RFGW-H32J-QPPC
Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2025-04-20 03:39The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9590"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T12:29:00Z",
"severity": "MODERATE"
},
"details": "The \"State Bank of Waterloo Mobile Banking\" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-rfgw-h32j-qppc",
"modified": "2025-04-20T03:39:13Z",
"published": "2022-05-17T02:39:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9590"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RG5M-FC62-H68H
Vulnerability from github – Published: 2024-11-15 18:30 – Updated: 2025-07-31 18:31A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-20814"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-15T16:15:22Z",
"severity": "HIGH"
},
"details": "A vulnerability in the certificate validation of Cisco\u0026nbsp;Expressway-C and Cisco\u0026nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.\u0026nbsp;\u0026nbsp;The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco\u0026nbsp;Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.\nNote: Cisco\u0026nbsp;Expressway-E is not affected by this vulnerability.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",
"id": "GHSA-rg5m-fc62-h68h",
"modified": "2025-07-31T18:31:50Z",
"published": "2024-11-15T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20814"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RGHW-6PX2-FGWC
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2024-02-13 19:27Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.11.2"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver"
},
"ranges": [
{
"events": [
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.12.7"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver"
},
"ranges": [
{
"events": [
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.0.5"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-sync"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-sync"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-sync"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.0"
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.11.2"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongo-java-driver"
},
"ranges": [
{
"events": [
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.12.7"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongo-java-driver"
},
"ranges": [
{
"events": [
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.0.5"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-legacy"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-legacy"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.11.2"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-legacy"
},
"ranges": [
{
"events": [
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.12.7"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-legacy"
},
"ranges": [
{
"events": [
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.12.7"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-sync"
},
"ranges": [
{
"events": [
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.11.2"
},
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-sync"
},
"ranges": [
{
"events": [
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.mongodb:mongodb-driver-legacy"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.0"
]
}
],
"aliases": [
"CVE-2021-20328"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-22T18:49:12Z",
"nvd_published_at": "2021-02-25T17:15:00Z",
"severity": "MODERATE"
},
"details": "Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption.",
"id": "GHSA-rghw-6px2-fgwc",
"modified": "2024-02-13T19:27:59Z",
"published": "2022-05-24T22:28:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20328"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/JAVA-4017"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Certificate Validation in MongoDB"
}
GHSA-RGMC-Q3R4-JXVV
Vulnerability from github – Published: 2022-05-17 01:57 – Updated: 2022-05-17 01:57When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.
{
"affected": [],
"aliases": [
"CVE-2017-11506"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-09T12:29:00Z",
"severity": "HIGH"
},
"details": "When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager\u0027s TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.",
"id": "GHSA-rgmc-q3r4-jxvv",
"modified": "2022-05-17T01:57:47Z",
"published": "2022-05-17T01:57:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11506"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2017-11"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039141"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RH9J-F5F8-RVGC
Vulnerability from github – Published: 2022-06-17 22:09 – Updated: 2022-06-20 21:20Impact
The certificate in Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object.
Patches
To prevent this, a new rootCertificateUrl property is introduced to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the rootCertificateUrl property defaults to the URL of the current root certificate as of May 27, 2022.
Keep in mind that the root certificate can change at any time (expected to be announced by Apple) and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter.
Workarounds
None.
References
- https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc
- https://developer.apple.com/news/?id=stttq465
- https://github.com/parse-community/parse-server
More information
- For questions or comments about this vulnerability visit our community forum or community chat
- Report other vulnerabilities at report.parseplatform.org
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.10.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31083"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-17T22:09:09Z",
"nvd_published_at": "2022-06-17T19:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe certificate in Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object.\n\n### Patches\nTo prevent this, a new `rootCertificateUrl` property is introduced to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple\u0027s Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the [current root certificate](https://developer.apple.com/news/?id=stttq465) as of May 27, 2022.\n\nKeep in mind that the root certificate can change at any time (expected to be announced by Apple) and that it is the developer\u0027s responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter.\n\n### Workarounds\nNone.\n\n### References\n- https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc\n- https://developer.apple.com/news/?id=stttq465\n- https://github.com/parse-community/parse-server\n\n### More information\n* For questions or comments about this vulnerability visit our [community forum](http://community.parseplatform.org) or [community chat](http://chat.parseplatform.org)\n* Report other vulnerabilities at [report.parseplatform.org](https://report.parseplatform.org)\n\n",
"id": "GHSA-rh9j-f5f8-rvgc",
"modified": "2022-06-20T21:20:53Z",
"published": "2022-06-17T22:09:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31083"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/8054"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/8054/commits/0cc299f82e367518f2fe7a53b99f3f801a338cf4"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/8054/commits/2084b7c569697a5230e42511799eeac9219db5a9"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1"
},
{
"type": "WEB",
"url": "https://developer.apple.com/news/?id=stttq465"
},
{
"type": "PACKAGE",
"url": "https://github.com/parse-community/parse-server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Authentication bypass vulnerability in Apple Game Center auth adapter "
}
GHSA-RHC4-GHFC-MWXG
Vulnerability from github – Published: 2022-05-17 02:40 – Updated: 2025-04-20 03:39The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9593"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T12:29:00Z",
"severity": "MODERATE"
},
"details": "The \"Oculina Mobile Banking\" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-rhc4-ghfc-mwxg",
"modified": "2025-04-20T03:39:13Z",
"published": "2022-05-17T02:40:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9593"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RHMQ-Q9GR-P7X8
Vulnerability from github – Published: 2022-05-14 03:33 – Updated: 2022-05-14 03:33An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.
{
"affected": [],
"aliases": [
"CVE-2018-6219"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-15T19:29:00Z",
"severity": "MODERATE"
},
"details": "An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.",
"id": "GHSA-rhmq-q9gr-p7x8",
"modified": "2022-05-14T03:33:40Z",
"published": "2022-05-14T03:33:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6219"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/1119349"
},
{
"type": "WEB",
"url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44166"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.