Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-4062

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-23 Apr, 2024 | 18:31
Updated At-01 Aug, 2024 | 20:26
Rejected At-
Credits

Hualai Xiaofang iSC5 certificate validation

A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:23 Apr, 2024 | 18:31
Updated At:01 Aug, 2024 | 20:26
Rejected At:
▼CVE Numbering Authority (CNA)
Hualai Xiaofang iSC5 certificate validation

A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
Hualai Xiaofang
Product
iSC5
Versions
Affected
  • 3.2.2_112
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295 Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295 Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.03.7LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2.02.6N/A
AV:N/AC:H/Au:N/C:P/I:N/A:N
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.0
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 2.0
Base score: 2.6
Base severity: N/A
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
kaizheng (VulDB User)
Timeline
EventDate
Advisory disclosed2024-04-23 00:00:00
VulDB entry created2024-04-23 02:00:00
VulDB entry last update2024-04-23 15:03:03
Event: Advisory disclosed
Date: 2024-04-23 00:00:00
Event: VulDB entry created
Date: 2024-04-23 02:00:00
Event: VulDB entry last update
Date: 2024-04-23 15:03:03
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.261788
vdb-entry
https://vuldb.com/?ctiid.261788
signature
permissions-required
https://vuldb.com/?submit.316407
third-party-advisory
https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdf
related
Hyperlink: https://vuldb.com/?id.261788
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.261788
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.316407
Resource:
third-party-advisory
Hyperlink: https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdf
Resource:
related
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
hualai
Product
isc5
CPEs
  • cpe:2.3:a:hualai:isc5:3.2.2_112:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 3.2.2_112
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.261788
vdb-entry
x_transferred
https://vuldb.com/?ctiid.261788
signature
permissions-required
x_transferred
https://vuldb.com/?submit.316407
third-party-advisory
x_transferred
https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdf
related
x_transferred
Hyperlink: https://vuldb.com/?id.261788
Resource:
vdb-entry
x_transferred
Hyperlink: https://vuldb.com/?ctiid.261788
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://vuldb.com/?submit.316407
Resource:
third-party-advisory
x_transferred
Hyperlink: https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdf
Resource:
related
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:23 Apr, 2024 | 19:15
Updated At:15 Apr, 2026 | 00:35

A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary2.02.6LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-295Secondarycna@vuldb.com
CWE ID: CWE-295
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdfcna@vuldb.com
N/A
https://vuldb.com/?ctiid.261788cna@vuldb.com
N/A
https://vuldb.com/?id.261788cna@vuldb.com
N/A
https://vuldb.com/?submit.316407cna@vuldb.com
N/A
https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
https://vuldb.com/?ctiid.261788af854a3a-2127-422b-91ae-364da2661108
N/A
https://vuldb.com/?id.261788af854a3a-2127-422b-91ae-364da2661108
N/A
https://vuldb.com/?submit.316407af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdf
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.261788
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.261788
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.316407
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/kzLiu2017/CVE_Document/blob/main/Hualai_Xiaofang_camera.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.261788
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://vuldb.com/?id.261788
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://vuldb.com/?submit.316407
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

21Records found
CVE-2022-29482
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-3.7||LOW
EPSS-0.11% / 29.14%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 07:05
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

Action-Not Available
Vendor-denaDeNA Co., Ltd.
Product-mobaoku-auction_\&_flea_marketMobaoku-Auction & Flea Market App for iOS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-15323
Matching Score-4
Assigner-3938794e-25f5-4123-a1ba-5cbd7f104512
ShareView Details
Matching Score-4
Assigner-3938794e-25f5-4123-a1ba-5cbd7f104512
CVSS Score-3.7||LOW
EPSS-0.01% / 0.98%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 18:12
Updated-10 Feb, 2026 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.

Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.

Action-Not Available
Vendor-taniumTanium
Product-tanosTanium Appliance
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-1622
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.08% / 23.23%
||
7 Day CHG~0.00%
Published-05 Dec, 2018 | 17:00
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_incident_forensicsQRadar SIEM
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-24661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 48.41%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 15:06
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.

Action-Not Available
Vendor-n/aThe GNOME ProjectFedora Project
Product-gearyfedoran/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-4654
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.12% / 30.69%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-ForceID: 170965.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-4150
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.07% / 22.37%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 15:45
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-1265
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.10% / 27.31%
||
7 Day CHG~0.00%
Published-17 Dec, 2018 | 16:00
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-1200
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.08% / 23.80%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 18:00
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_complianceBigFix Compliance
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-2922
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.08% / 22.87%
||
7 Day CHG~0.00%
Published-13 Aug, 2018 | 16:00
Updated-16 Sep, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.

Action-Not Available
Vendor-IBM Corporation
Product-rational_clearquestRational ClearQuest
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-9015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.06% / 18.01%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.

Action-Not Available
Vendor-n/aPython Software Foundation
Product-urllib3n/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-21170
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-3.7||LOW
EPSS-0.41% / 61.38%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 09:00
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.

Action-Not Available
Vendor-dajDigital Arts Inc.
Product-i-filter_browser_\&_cloud_multiagentdspa-7000_m5dspa-2000_m4dspa-15000_m5dspa-4000_m4i-filteri-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-43892
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 02:00
Updated-13 Sep, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Privilege information disclosure

IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM Corporation
Product-security_verify_privilege_on-premisesmacoswindowsSecurity Verify Privilege
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-32994
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-3.7||LOW
EPSS-0.07% / 21.08%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

Action-Not Available
Vendor-Jenkins
Product-saml_single_sign_onJenkins SAML Single Sign On(SSO) Plugin
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-1000033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.41% / 61.48%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

Action-Not Available
Vendor-n/aRed Hat, Inc.The GNOME Project
Product-enterprise_linuxshotwelln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-40745
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 6.21%
||
7 Day CHG+0.01%
Published-14 Apr, 2026 | 08:40
Updated-17 Apr, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edge SE2025Simcenter 3DSiemens Software CenterSimcenter FemapSimcenter STAR-CCM+Tecnomatix Plant SimulationSolid Edge SE2026
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-4063
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.7||LOW
EPSS-0.07% / 22.26%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 18:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation

A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-261789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-EZVIZezviz
Product-CS-C6-21WFR-8cs-c6-21wfr-8
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-22138
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-3.7||LOW
EPSS-0.11% / 28.91%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 17:35
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.

Action-Not Available
Vendor-Elasticsearch BV
Product-logstashElasticsearch
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-9488
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-3.7||LOW
EPSS-0.03% / 8.37%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 15:36
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

Action-Not Available
Vendor-qosThe Apache Software FoundationDebian GNU/LinuxOracle Corporation
Product-retail_bulk_data_integrationpeoplesoft_enterprise_peopletoolsprimavera_unifierreload4jretail_assortment_planningstoragetek_acslspolicy_automationfinancial_services_retail_customer_analyticsfinancial_services_price_creation_and_discoverycommunications_eagle_ftp_table_base_retrievalcommunications_application_session_controllerinsurance_policy_administration_j2eepolicy_automation_for_mobile_devicesspatial_and_graphfinancial_services_analytical_applications_infrastructurecommunications_unified_inventory_managementretail_advanced_inventory_planningcommunications_services_gatekeeperretail_order_broker_cloud_serviceinsurance_insbridge_rating_and_underwritingretail_customer_management_and_segmentation_foundationretail_predictive_application_serverjd_edwards_world_securityinsurance_rules_palettecommunications_billing_and_revenue_managementcommunications_offline_mediation_controllerenterprise_manager_for_peoplesoftsiebel_apps_-_marketingsiebel_ui_frameworkflexcube_private_bankingretail_integration_busretail_eftlinkutilities_frameworkoracle_goldengate_application_adaptersfinancial_services_institutional_performance_analyticspolicy_automation_connector_for_siebelstoragetek_tape_analytics_sw_toolretail_insights_cloud_service_suiteweblogic_serverdebian_linuxhealth_sciences_information_managerflexcube_core_bankingretail_xstore_point_of_servicelog4jfinancial_services_market_risk_measurement_and_managementdata_integratorApache Log4j
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-34394
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-3.7||LOW
EPSS-0.11% / 29.75%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:30
Updated-20 May, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10Dell Networking OS10
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-1509
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 15:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-295
Improper Certificate Validation
CVE-2012-2993
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5.9||MEDIUM
EPSS-14.69% / 94.50%
||
7 Day CHG~0.00%
Published-18 Sep, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_phone_7windows_phone_7_firmwaren/a
CWE ID-CWE-295
Improper Certificate Validation
Details not found