Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-7816

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-09 Jun, 2017 | 16:00
Updated At-06 Aug, 2024 | 02:04
Rejected At-
Credits

The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:09 Jun, 2017 | 16:00
Updated At:06 Aug, 2024 | 02:04
Rejected At:
▼CVE Numbering Authority (CNA)

The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected Products
Vendor
Cybozu, Inc.Cybozu, Inc.
Product
kintone mobile for Android
Versions
Affected
  • 1.0.6 and earlier
Problem Types
TypeCWE IDDescription
textN/AFails to verify SSL certificates
Type: text
CWE ID: N/A
Description: Fails to verify SSL certificates
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jvn.jp/en/jp/JVN20252219/index.html
third-party-advisory
x_refsource_JVN
http://www.securityfocus.com/bid/94547
vdb-entry
x_refsource_BID
https://support.cybozu.com/ja-jp/article/9719
x_refsource_CONFIRM
Hyperlink: https://jvn.jp/en/jp/JVN20252219/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: http://www.securityfocus.com/bid/94547
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://support.cybozu.com/ja-jp/article/9719
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jvn.jp/en/jp/JVN20252219/index.html
third-party-advisory
x_refsource_JVN
x_transferred
http://www.securityfocus.com/bid/94547
vdb-entry
x_refsource_BID
x_transferred
https://support.cybozu.com/ja-jp/article/9719
x_refsource_CONFIRM
x_transferred
Hyperlink: https://jvn.jp/en/jp/JVN20252219/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/94547
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://support.cybozu.com/ja-jp/article/9719
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:09 Jun, 2017 | 16:29
Updated At:13 May, 2026 | 00:24

The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.9MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Cybozu, Inc.
cybozu
>>kintone>>Versions up to 1.0.6(inclusive)
cpe:2.3:a:cybozu:kintone:*:*:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-295Primarynvd@nist.gov
CWE ID: CWE-295
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/94547vultures@jpcert.or.jp
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN20252219/index.htmlvultures@jpcert.or.jp
Vendor Advisory
https://support.cybozu.com/ja-jp/article/9719vultures@jpcert.or.jp
Vendor Advisory
http://www.securityfocus.com/bid/94547af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN20252219/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.cybozu.com/ja-jp/article/9719af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/94547
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://jvn.jp/en/jp/JVN20252219/index.html
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: https://support.cybozu.com/ja-jp/article/9719
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/94547
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://jvn.jp/en/jp/JVN20252219/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.cybozu.com/ja-jp/article/9719
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

219Records found
CVE-2016-1186
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.56% / 68.98%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-kintonen/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-2093
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 53.54%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

Action-Not Available
Vendor-Cybozu, Inc.
Product-garoonCybozu Garoon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4842
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 58.61%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-mailwisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4869
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-1.16% / 79.08%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1187
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.38% / 59.93%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-kunain/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-8488
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 54.40%
||
7 Day CHG~0.00%
Published-17 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7776
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 68.81%
||
7 Day CHG~0.00%
Published-19 Jun, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-garoonn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-0526
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.23%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4843
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.93% / 76.65%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-mailwisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4013
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.83%
||
7 Day CHG~0.00%
Published-14 Sep, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-kunai_browser_for_remote_servicen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4012
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.83%
||
7 Day CHG~0.00%
Published-08 Sep, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-kunain/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7815
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-4.2||MEDIUM
EPSS-0.09% / 25.35%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.

Action-Not Available
Vendor-Cybozu, Inc.
Product-remote_service_managerRemote Service Manager
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5905
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-dollar_bankn/a
Product-dollar_bank_mobilen/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-20813
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9||CRITICAL
EPSS-0.40% / 61.44%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 20:30
Updated-06 Nov, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-expresswaytelepresence_video_communication_serverCisco TelePresence Video Communication Server (VCS) Expressway
CWE ID-CWE-158
Improper Neutralization of Null Byte or NUL Character
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5913
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-forexn/a
Product-tradeking_forexn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5915
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-emirates_nbd_bank_p.j.s.cn/a
Product-emirates_nbdemirates_nbd_ksan/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5918
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-banco_de_costa_rican/a
Product-bcr_moviln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-great_southern_bankn/a
Product-great_southern_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5919
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-21st_century_insurancen/a
Product-21st_century_insurancen/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-payquickern/a
Product-mypayquickern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-everyday_health_incn/a
Product-diabetes_in_check\n/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5911
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-banco_santander_mexico_san/a
Product-supermoviln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-21170
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-3.7||LOW
EPSS-0.41% / 61.89%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 09:00
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.

Action-Not Available
Vendor-dajDigital Arts Inc.
Product-i-filter_browser_\&_cloud_multiagentdspa-7000_m5dspa-2000_m4dspa-15000_m5dspa-4000_m4i-filteri-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5914
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-dotit-corpn/a
Product-banque_zitounan/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-forexn/a
Product-forextradern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-20081
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.16% / 37.15%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893mt8675mt6771mt6833mt6580mt6885mt6983mt6735mt8666mt6753mt6877mt6781mt6765mt6853mt6883mt6737mt8667mt6895mt6739androidmt6761mt6889mt6768mt6779mt6785mt6879MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8675
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-2278
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.31% / 54.99%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-iidIID, Inc.Google LLCApple Inc.
Product-androidrbb_speed_testiphone_osRBB SPEED TEST App for AndroidRBB SPEED TEST App for iOS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-3213
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 45.28%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-think_mutual_bankn/a
Product-think_mutual_bank_mobile_banking_appThink Mutual Bank Mobile Banking
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-3212
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 45.28%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-sccun/a
Product-space_coast_credit_unionSpace Coast Credit Union Mobile
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-3194
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-8.1||HIGH
EPSS-0.47% / 65.22%
||
7 Day CHG~0.00%
Published-15 Dec, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

Action-Not Available
Vendor-Pandora Media, LLC
Product-pandoraPandora iOS App
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-13615
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.19% / 40.49%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 22:08
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates.

Action-Not Available
Vendor-qoren/a
Product-qoren/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-18909
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.31%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 18:45
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-17455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 33.34%
||
7 Day CHG~0.00%
Published-20 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.

Action-Not Available
Vendor-n/aMahara
Product-maharan/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-17718
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 38.45%
||
7 Day CHG~0.00%
Published-17 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

Action-Not Available
Vendor-net-ldap_projectn/a
Product-net-ldapn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-42017
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.78%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 11:31
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rs969ruggedcom_rs910ruggedcom_rsg2100ruggedcom_rsg2300pruggedcom_rs930lruggedcom_rsg907rruggedcom_rsg910cruggedcom_rs416ruggedcom_rs900wruggedcom_i801ruggedcom_rosruggedcom_m2100ruggedcom_rmcruggedcom_i800ruggedcom_rst2228ruggedcom_rs930wruggedcom_rmc8388ruggedcom_rsg2200ruggedcom_rs900ruggedcom_rs401ruggedcom_rs8000truggedcom_rsg909rruggedcom_rp110ruggedcom_rs910lruggedcom_i802ruggedcom_m969ruggedcom_rs910wruggedcom_rsg2100pruggedcom_rs8000ruggedcom_rst916pruggedcom_rs900gpruggedcom_rs900lruggedcom_rmc40ruggedcom_rsl910ruggedcom_rmc41ruggedcom_rsg920pruggedcom_rs920wruggedcom_rs416v2ruggedcom_rs8000aruggedcom_rsg2300ruggedcom_rst916cruggedcom_m2200ruggedcom_rs400ruggedcom_rst2228pruggedcom_rmc20ruggedcom_rs8000hruggedcom_rsg908cruggedcom_i803ruggedcom_rsg2488ruggedcom_rs900gruggedcom_rsg2288ruggedcom_rs920lruggedcom_rs940gruggedcom_rmc30RUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RSG920P V4.XRUGGEDCOM RS930WRUGGEDCOM RS910LRUGGEDCOM RSG2300P V4.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600RUGGEDCOM RS920WRUGGEDCOM RS940GRUGGEDCOM RS900FRUGGEDCOM M2200RUGGEDCOM RS910RUGGEDCOM RSG908CRUGGEDCOM RS900RUGGEDCOM RS400FRUGGEDCOM RS920LRUGGEDCOM RMC8388 V4.XRUGGEDCOM RSG2100RUGGEDCOM RS8000HRUGGEDCOM RS400RUGGEDCOM RS8000TRUGGEDCOM RS900G (32M) V4.XRUGGEDCOM M969RUGGEDCOM RS416PFRUGGEDCOM RS900GRUGGEDCOM M2100FRUGGEDCOM RS900M-STND-XXRUGGEDCOM RS900WRUGGEDCOM RS8000ARUGGEDCOM RMC8388 V5.XRUGGEDCOM i803RUGGEDCOM RSG910CRUGGEDCOM RSG2300PFRUGGEDCOM RSG2288 V4.XRUGGEDCOM RSG2488FRUGGEDCOM RS969RUGGEDCOM RSG2200RUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RSG909RRUGGEDCOM RS416RUGGEDCOM RS416FRUGGEDCOM RS900GPFRUGGEDCOM RST2228PRUGGEDCOM RSG2100PRUGGEDCOM i800RUGGEDCOM RS416PRUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RSG920P V5.XRUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FRUGGEDCOM RSL910RUGGEDCOM RSG907RRUGGEDCOM RS930LRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XRUGGEDCOM RSG2100PFRUGGEDCOM RS900GPRUGGEDCOM RST916CRUGGEDCOM RSG2100FRUGGEDCOM RSG2488 V4.XRUGGEDCOM i802RUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RS940GFRUGGEDCOM RSG2488 V5.XRUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RMC30RUGGEDCOM RS900GFRUGGEDCOM M2100RUGGEDCOM RSG2300FRUGGEDCOM RS1600TRUGGEDCOM M969FRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RS900M-GETS-C01RUGGEDCOM RS900 (32M) V5.XRUGGEDCOM M2200FRUGGEDCOM RP110RUGGEDCOM RSG2200FRUGGEDCOM i801RUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RS416v2 V4.X
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2017-14612
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 16:00
Updated-05 Aug, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-shpockn/a
Product-shpockn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-40713
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.9||MEDIUM
EPSS-0.33% / 56.39%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 15:43
Updated-23 Apr, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerExperience Manager
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-12721
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 31.62%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 10:00
Updated-05 Aug, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.

Action-Not Available
Vendor-smiths-medicaln/a
Product-medfusion_4000_wireless_syringe_infusion_pumpSmiths Medical Medfusion 4000 Wireless Syringe Infusion Pump
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-39361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 28.62%
||
7 Day CHG~0.00%
Published-22 Aug, 2021 | 18:46
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-evolution-rssn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-39360
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.52% / 67.43%
||
7 Day CHG~0.00%
Published-22 Aug, 2021 | 18:46
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Action-Not Available
Vendor-n/aThe GNOME ProjectFedora Project
Product-fedoralibzapojitn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-39358
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.76%
||
7 Day CHG~0.00%
Published-22 Aug, 2021 | 18:47
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Action-Not Available
Vendor-n/aThe GNOME ProjectFedora Project
Product-libgfbgraphfedoran/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-1000007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 38.10%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure.

Action-Not Available
Vendor-twistedmatrixn/a
Product-txawsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-39365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.34% / 57.27%
||
7 Day CHG~0.00%
Published-22 Aug, 2021 | 21:18
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Action-Not Available
Vendor-n/aThe GNOME ProjectDebian GNU/Linux
Product-debian_linuxgrilon/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-3898
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 31.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-ready_fordevice_helpDevice Help Android AppReady For Android App
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-7805
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.18%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-unisysNihon Unisys, Ltd.
Product-mobigatemobiGate App for AndroidmobiGate App for iOS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-4840
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.58% / 69.60%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.

Action-Not Available
Vendor-toshiban/a
Product-coordinate_plusn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-4832
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.28% / 51.71%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates.

Action-Not Available
Vendor-aeonn/a
Product-waonn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-4830
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.58% / 69.60%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates.

Action-Not Available
Vendor-akindo-sushiron/a
Product-sushiron/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-2922
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-13 Aug, 2018 | 16:00
Updated-16 Sep, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.

Action-Not Available
Vendor-IBM Corporation
Product-rational_clearquestRational ClearQuest
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-1221
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 49.42%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-jetstarn/a
Product-jetstarn/a
CWE ID-CWE-295
Improper Certificate Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found