CWE-297 - Improper Validation of Certificate with Host Mismatch

Description

This weakness describes a case where software uses SSL/TLS connection but fails to properly verify that the certificate is associated withe the hostname.

Latest vulnerabilities for CWE-297

Multiple vulnerabilities in IBM Application Performance Management 2023-09-12
Medium Yes

Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management Monitoring 2023-09-07
Medium Yes

Multiple vulnerabilities in IBM Tivoli Monitoring 2023-09-01
High Yes

Improper validation of certificate with host mismatch in Dell NetWorker 2023-08-22
Low Yes

IBM Operations Analytics Predictive Insights update for IBM WebSphere Application Server 2023-07-25
Medium Yes

Improper validation of certificate with host mismatch in The IBM Engineering Lifecycle Engineering 2023-07-10
Low Yes

Multiple vulnerabilities in IBM Watson Assistant for IBM Cloud Pak for Data 2023-07-06
Medium Yes

Multiple vulnerabilities in IBM Security Verify Governance 2023-06-30
Medium Yes

Multiple vulnerabilities in IBM Cloud Transformation Advisor 2023-05-15
High Yes

MitM attack in IBM WebSphere Application Server Liberty Web Server Plug-ins 2023-05-03
Low No

References

Description of CWE-297 on Mitre website