CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CVE-2024-31872 (GCVE-0-2024-31872)
Vulnerability from cvelistv5 – Published: 2024-04-10 15:51 – Updated: 2025-11-03 21:54
VLAI
Title
IBM Security Verify Access Appliance missing certificate validation
Summary
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.
Severity
7.5 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7147932 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Security Verify Access Appliance |
Affected:
10.0.0 , ≤ 10.0.7
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "security_verify_access",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "10.0.7",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T20:53:53.581074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T20:53:59.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:54:44.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7147932"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287316"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Nov/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Security Verify Access Appliance",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.7",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316."
}
],
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T19:15:28.830Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7147932"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287316"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access Appliance missing certificate validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31872",
"datePublished": "2024-04-10T15:51:04.118Z",
"dateReserved": "2024-04-07T12:44:32.085Z",
"dateUpdated": "2025-11-03T21:54:44.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32865 (GCVE-0-2024-32865)
Vulnerability from cvelistv5 – Published: 2024-08-01 21:13 – Updated: 2024-08-02 14:36
VLAI
Title
exacqVison - TLS certificate validation
Summary
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
Severity
6.4 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | exacqVision |
Affected:
0 , ≤ 24.03
(custom)
|
Date Public
2024-08-01 16:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:johnsoncontrols:exacqvision_server:*:*:*:*:*:*:x86:*"
],
"defaultStatus": "unknown",
"product": "exacqvision_server",
"vendor": "johnsoncontrols",
"versions": [
{
"lessThanOrEqual": "24.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T14:13:28.853898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T14:36:24.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "exacqVision",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "24.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Diego Zaffaroni from Nozomi Networks"
}
],
"datePublic": "2024-08-01T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgba(9, 30, 66, 0.024);\"\u003eUnder certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices. \u003c/span\u003e"
}
],
"value": "Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94: Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T21:13:24.868Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgba(9, 30, 66, 0.06);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate exacqVision Server and exacqVision Client to version 24.06\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update exacqVision Server and exacqVision Client to version 24.06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "exacqVison - TLS certificate validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2024-32865",
"datePublished": "2024-08-01T21:13:24.868Z",
"dateReserved": "2024-04-19T13:45:43.929Z",
"dateUpdated": "2024-08-02T14:36:24.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33509 (GCVE-0-2024-33509)
Vulnerability from cvelistv5 – Published: 2024-07-09 15:33 – Updated: 2024-08-02 02:36
VLAI
Summary
An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).
Severity
CWE
- CWE-295 - Information disclosure
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortiweb",
"vendor": "fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T15:48:02.416435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:04:39.003Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:02.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-326",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.23",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T15:33:24.418Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-326",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-326"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiWeb version 7.2.2 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-33509",
"datePublished": "2024-07-09T15:33:24.418Z",
"dateReserved": "2024-04-23T14:18:29.831Z",
"dateUpdated": "2024-08-02T02:36:02.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33612 (GCVE-0-2024-33612)
Vulnerability from cvelistv5 – Published: 2024-05-08 15:01 – Updated: 2025-12-16 18:13
VLAI
Title
BIG-IP Next Central Manager vulnerability
Summary
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity
6.8 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000139012 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | BIG-IP Next Central Manager |
Affected:
20.0.1 , < 20.2.0
(custom)
|
Date Public
2024-05-08 14:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:f5:big-ip_next_central_manager:20.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "big-ip_next_central_manager",
"vendor": "f5",
"versions": [
{
"lessThanOrEqual": "20.1.0",
"status": "affected",
"version": "20.0.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T04:00:52.512300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:13:20.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000139012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BIG-IP Next Central Manager",
"vendor": "F5",
"versions": [
{
"lessThan": "20.2.0",
"status": "affected",
"version": "20.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-05-08T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T19:24:59.178Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000139012"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP Next Central Manager vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-33612",
"datePublished": "2024-05-08T15:01:28.082Z",
"dateReserved": "2024-04-24T21:34:20.681Z",
"dateUpdated": "2025-12-16T18:13:20.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35140 (GCVE-0-2024-35140)
Vulnerability from cvelistv5 – Published: 2024-05-31 16:53 – Updated: 2025-11-03 21:54
VLAI
Title
IBM Security Verify Access privilege escalation
Summary
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416.
Severity
7.7 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7155356 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Security Verify Access Docker |
Affected:
10.0.0 , ≤ 10.0.6
(semver)
cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.6:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:35:14.296110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:36.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:54:53.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7155356"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292416"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Nov/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_verify_access_docker:10.0.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security Verify Access Docker",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.6",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierre Barre"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416."
}
],
"value": "IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T16:53:08.654Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7155356"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292416"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Verify Access privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35140",
"datePublished": "2024-05-31T16:53:08.654Z",
"dateReserved": "2024-05-09T16:27:27.134Z",
"dateUpdated": "2025-11-03T21:54:53.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-37311 (GCVE-0-2024-37311)
Vulnerability from cvelistv5 – Published: 2024-08-23 14:26 – Updated: 2024-08-23 16:12
VLAI
Title
Collabora Online's remote host TLS certificates are not fully verified
Summary
Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. This vulnerability is fixed in Collabora Online 24.04.4.3, 23.05.14.1, and 22.05.23.1.
Severity
8.2 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/CollaboraOnline/online/securit… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CollaboraOnline | online |
Affected:
>= 24.04.1.1, < 24.04.4.3
Affected: >= 23.05.0-1, < 23.05.14-1 Affected: < 22.05.23.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T16:11:47.343263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T16:12:01.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "online",
"vendor": "CollaboraOnline",
"versions": [
{
"status": "affected",
"version": "\u003e= 24.04.1.1, \u003c 24.04.4.3"
},
{
"status": "affected",
"version": "\u003e= 23.05.0-1, \u003c 23.05.14-1"
},
{
"status": "affected",
"version": "\u003c 22.05.23.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host\u0027s certificate\u0027s against the full chain of trust. This vulnerability is fixed in Collabora Online 24.04.4.3, 23.05.14.1, and 22.05.23.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:26:45.894Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-hvhm-5c44-977x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-hvhm-5c44-977x"
}
],
"source": {
"advisory": "GHSA-hvhm-5c44-977x",
"discovery": "UNKNOWN"
},
"title": "Collabora Online\u0027s remote host TLS certificates are not fully verified"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37311",
"datePublished": "2024-08-23T14:26:45.894Z",
"dateReserved": "2024-06-05T20:10:46.498Z",
"dateUpdated": "2024-08-23T16:12:01.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3738 (GCVE-0-2024-3738)
Vulnerability from cvelistv5 – Published: 2024-04-13 17:31 – Updated: 2024-09-03 17:59
VLAI
Title
cym1102 nginxWebUI saveCmd handlePath certificate validation
Summary
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability.
Severity
7.3 (High)
7.3 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.260577 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.260577 | signaturepermissions-required |
| https://github.com/cym1102/nginxWebUI/issues/138 | issue-tracking |
| https://github.com/cym1102/nginxWebUI/files/14818… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cym1102 | nginxWebUI |
Affected:
3.9.0
Affected: 3.9.1 Affected: 3.9.2 Affected: 3.9.3 Affected: 3.9.4 Affected: 3.9.5 Affected: 3.9.6 Affected: 3.9.7 Affected: 3.9.8 Affected: 3.9.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:00.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-260577 | cym1102 nginxWebUI saveCmd handlePath certificate validation",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.260577"
},
{
"name": "VDB-260577 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.260577"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/cym1102/nginxWebUI/issues/138"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nginx_ui",
"vendor": "nginxui",
"versions": [
{
"status": "affected",
"version": "3.9.0"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.9.3"
},
{
"status": "affected",
"version": "3.9.4"
},
{
"status": "affected",
"version": "3.9.5"
},
{
"status": "affected",
"version": "3.9.6"
},
{
"status": "affected",
"version": "3.9.7"
},
{
"status": "affected",
"version": "3.9.8"
},
{
"status": "affected",
"version": "3.9.9"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3738",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T17:53:20.526229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T17:59:26.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nginxWebUI",
"vendor": "cym1102",
"versions": [
{
"status": "affected",
"version": "3.9.0"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.9.3"
},
{
"status": "affected",
"version": "3.9.4"
},
{
"status": "affected",
"version": "3.9.5"
},
{
"status": "affected",
"version": "3.9.6"
},
{
"status": "affected",
"version": "3.9.7"
},
{
"status": "affected",
"version": "3.9.8"
},
{
"status": "affected",
"version": "3.9.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in cym1102 nginxWebUI bis 3.9.9 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion handlePath der Datei /adminPage/conf/saveCmd. Durch das Beeinflussen des Arguments nginxPath mit unbekannten Daten kann eine improper certificate validation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-13T17:31:04.866Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-260577 | cym1102 nginxWebUI saveCmd handlePath certificate validation",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.260577"
},
{
"name": "VDB-260577 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.260577"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/cym1102/nginxWebUI/issues/138"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-12T21:38:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "cym1102 nginxWebUI saveCmd handlePath certificate validation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3738",
"datePublished": "2024-04-13T17:31:04.866Z",
"dateReserved": "2024-04-12T19:33:35.237Z",
"dateUpdated": "2024-09-03T17:59:26.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38642 (GCVE-0-2024-38642)
Vulnerability from cvelistv5 – Published: 2024-09-06 16:29 – Updated: 2024-09-06 16:58
VLAI
Title
QuMagie
Summary
An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.
We have already fixed the vulnerability in the following version:
QuMagie 2.3.1 and later
Severity
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | QuMagie |
Affected:
2.3.x , < 2.3.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T16:58:13.428211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T16:58:21.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QuMagie",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.3.1",
"status": "affected",
"version": "2.3.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "anonymous"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eQuMagie 2.3.1 and later\u003cbr\u003e"
}
],
"value": "An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.3.1 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T16:29:44.378Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-34"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eQuMagie 2.3.1 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQuMagie 2.3.1 and later"
}
],
"source": {
"advisory": "QSA-24-34",
"discovery": "EXTERNAL"
},
"title": "QuMagie",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2024-38642",
"datePublished": "2024-09-06T16:29:44.378Z",
"dateReserved": "2024-06-19T00:17:01.279Z",
"dateUpdated": "2024-09-06T16:58:21.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38861 (GCVE-0-2024-38861)
Vulnerability from cvelistv5 – Published: 2024-09-27 08:11 – Updated: 2024-09-27 15:21
VLAI
Title
Lack of TLS validation in plugin MikroTik on Checkmk Exchange
Summary
Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.
Severity
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.checkmk.com/p/mikrotik | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T15:21:41.675378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T15:21:54.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://exchange.checkmk.com/packages",
"defaultStatus": "affected",
"packageName": "MikroTik",
"versions": [
{
"lessThanOrEqual": "2.5.5",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0a",
"status": "affected",
"version": "0.4a_mk",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jakob Hartmann of Limes Security"
},
{
"lang": "en",
"type": "finder",
"value": "Peter Panholzer of Limes Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a."
}
],
"exploits": [
{
"lang": "en",
"value": "A PoC of an exploit was performed, where an attacker would intercept the communication, supply a self-signed certificate to the plugin and would subsequently be able to read transmitted credentials in clear-text."
}
],
"impacts": [
{
"capecId": "CAPEC-217",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-217 Exploiting Incorrectly Configured SSL/TLS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T10:08:54.549Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"tags": [
"product"
],
"url": "https://exchange.checkmk.com/p/mikrotik"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of TLS validation in plugin MikroTik on Checkmk Exchange"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2024-38861",
"datePublished": "2024-09-27T08:11:46.790Z",
"dateReserved": "2024-06-20T10:03:09.178Z",
"dateUpdated": "2024-09-27T15:21:54.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39312 (GCVE-0-2024-39312)
Vulnerability from cvelistv5 – Published: 2024-07-08 16:30 – Updated: 2024-08-02 04:19
VLAI
Title
Botan has an Authorization Error due to Name Constraint Decoding Bug
Summary
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.
Severity
5.3 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/randombit/botan/security/advis… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:randombit:botan:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "botan",
"vendor": "randombit",
"versions": [
{
"lessThan": "2.19.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.5.0",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T19:57:15.379890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:59:00.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "botan",
"vendor": "randombit",
"versions": [
{
"status": "affected",
"version": "\u003c 2.19.5"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T16:30:25.044Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86"
}
],
"source": {
"advisory": "GHSA-jp24-56jm-gg86",
"discovery": "UNKNOWN"
},
"title": "Botan has an Authorization Error due to Name Constraint Decoding Bug"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39312",
"datePublished": "2024-07-08T16:30:25.044Z",
"dateReserved": "2024-06-21T18:15:22.260Z",
"dateUpdated": "2024-08-02T04:19:20.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
Phase: Implementation
Description:
- If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.