Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-9580

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Jun, 2017 | 12:00
Updated At-05 Aug, 2024 | 17:11
Rejected At-
Credits

The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Jun, 2017 | 12:00
Updated At:05 Aug, 2024 | 17:11
Rejected At:
▼CVE Numbering Authority (CNA)

The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5
x_refsource_MISC
Hyperlink: https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5
x_refsource_MISC
x_transferred
Hyperlink: https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Jun, 2017 | 12:29
Updated At:13 May, 2026 | 00:24

The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.9MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
meafinancial
meafinancial
>>pioneer_bank_\&_trust_mobile_banking>>3.0.0
cpe:2.3:a:meafinancial:pioneer_bank_\&_trust_mobile_banking:3.0.0:*:*:*:*:iphone_os:*:*
Weaknesses
CWE IDTypeSource
CWE-295Primarynvd@nist.gov
CWE ID: CWE-295
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5cve@mitre.org
N/A
https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

208Records found
CVE-2017-9574
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-kc_area_credit_union_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9567
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-avb_bank_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9559
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-vision_bankn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9586
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-fsby_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9570
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-mount_vernon_bank_\&_trust_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9589
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-scsb_shelbyville_il_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9563
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-fccbn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9566
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-fsb_dequeen_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9575
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-fvb_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9562
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-freedom_1st_credit_union_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9581
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-algonquin_state_bank_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9583
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-charlevoix_state_bankn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9594
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-svb_mobilen/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9592
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-your_legacy_federal_credit_union_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9579
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-jmcu_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9598
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-morton_credit_union_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9597
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-blue_ridge_bank_and_trust_co._mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9564
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-community_banks_cb2gon/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9600
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-peoples_bank_tulsan/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9588
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-oritani_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9593
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-oculina_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9596
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-cfb_mobile_bankingn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9565
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-first_security_bank_sleepy_eye_mobilen/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-9587
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-meafinancialn/a
Product-pcsb_bank_mobilen/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2015-0904
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.33% / 56.20%
||
7 Day CHG~0.00%
Published-25 Jul, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.

Action-Not Available
Vendor-shidaxn/a
Product-restaurant_karaoken/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2015-0210
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 53.48%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.

Action-Not Available
Vendor-w1.fin/a
Product-wpa_supplicantn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-5912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 07:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-forexn/a
Product-forextradern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2014-7242
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 49.02%
||
7 Day CHG~0.00%
Published-18 Oct, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.

Action-Not Available
Vendor-ms-insn/a
Product-sumaho_driving_capability_diagnosissumahon/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-6529
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 70.34%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 16:16
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-295
Improper Certificate Validation
CVE-2014-3706
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.49%
||
7 Day CHG~0.00%
Published-18 Oct, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_mrgn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-17716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 24.96%
||
7 Day CHG~0.00%
Published-17 Dec, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2014-2845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 32.04%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.

Action-Not Available
Vendor-cyberduckn/aMicrosoft Corporation
Product-windowscyberduckn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2014-3607
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 43.48%
||
7 Day CHG~0.00%
Published-08 Jan, 2018 | 19:00
Updated-06 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-ldaptiven/a
Product-ldaptivevt-ldapn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-13105
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.99%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 22:00
Updated-05 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication

Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker.

Action-Not Available
Vendor-hisecuritylabHi Security Lab
Product-virus_cleanerVirus Cleaner - Antivirus, Booster
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-28972
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.80% / 74.26%
||
7 Day CHG~0.00%
Published-27 Feb, 2021 | 00:00
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

Action-Not Available
Vendor-saltstackn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorasaltn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-1000007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 37.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure.

Action-Not Available
Vendor-twistedmatrixn/a
Product-txawsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-12228
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 55.40%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xeCisco IOS and IOS XE
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-1148
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.1||HIGH
EPSS-0.46% / 64.01%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.

Action-Not Available
Vendor-photosynthn/a
Product-akerunn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-1221
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 49.02%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-jetstarn/a
Product-jetstarn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-1675
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.3||HIGH
EPSS-0.09% / 25.79%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 20:31
Updated-16 Sep, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Juniper Networks Mist Cloud UI: SAML authentication certificate vulnerability.

When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mist_cloud_uiMIST Cloud UI
CWE ID-CWE-299
Improper Check for Certificate Revocation
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-29482
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-3.7||LOW
EPSS-0.11% / 29.04%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 07:05
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

Action-Not Available
Vendor-denaDeNA Co., Ltd.
Product-mobaoku-auction_\&_flea_marketMobaoku-Auction & Flea Market App for iOS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2015-0874
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.9||MEDIUM
EPSS-0.50% / 66.02%
||
7 Day CHG~0.00%
Published-26 Sep, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.

Action-Not Available
Vendor-okbn/aGoogle LLCApple Inc.
Product-androidiphone_ossmart_passbookn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-14980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.87%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 17:39
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-sophos_secure_emailn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-13614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.58% / 68.98%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 22:08
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.

Action-Not Available
Vendor-axel_projectn/aopenSUSEFedora Project
Product-fedoraaxelbackports_sleleapn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-13254
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-8.67% / 92.55%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 13:11
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.DjangoNetApp, Inc.Oracle CorporationFedora Project
Product-ubuntu_linuxdebian_linuxfedorazfs_storage_appliance_kitdjangosra_pluginsteelstore_cloud_integrated_storagen/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-26491
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.20% / 79.12%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 04:25
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.

Action-Not Available
Vendor-n/aDebian GNU/LinuxPidgin
Product-pidgindebian_linuxn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-11806
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 34.97%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 12:42
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server.

Action-Not Available
Vendor-mailstoren/a
Product-mailstore_servern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-24319
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 34.97%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

Action-Not Available
Vendor-n/a
Product-clearscadaecostruxure_geo_scada_expert_2020ecostruxure_geo_scada_expert_2019ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CWE ID-CWE-295
Improper Certificate Validation
CVE-2012-6709
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.19% / 40.74%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 17:00
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.

Action-Not Available
Vendor-twibrightelinksn/a
Product-elinkslinksn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-21170
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-3.7||LOW
EPSS-0.41% / 61.49%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 09:00
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.

Action-Not Available
Vendor-dajDigital Arts Inc.
Product-i-filter_browser_\&_cloud_multiagentdspa-7000_m5dspa-2000_m4dspa-15000_m5dspa-4000_m4i-filteri-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER
CWE ID-CWE-295
Improper Certificate Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found