CWE-297 - Improper Validation of Certificate with Host Mismatch

Description

This weakness describes a case where software uses SSL/TLS connection but fails to properly verify that the certificate is associated withe the hostname.

Latest vulnerabilities for CWE-297

Improper validation of certificate with host mismatch in Jenkins View26 Test-Reporting plugin 2022-09-23
Medium No

Improper validation of certificate with host mismatch in Jenkins SmallTest plugin 2022-09-23
Medium No

Multiple vulnerabilities in Apache Pulsar 2022-09-22
Medium Yes

Multiple vulnerabilities in IBM Spectrum Discover 2022-08-15
High Yes

Multiple vulnerabilities in Migration Toolkit for Containers (MTC) 2022-08-03
High Yes

Multiple vulnerabilities in IBM Security Verify Governance 2022-07-12
Medium Yes

Multiple vulnerabilities in IBM Cognos Command Center 2022-06-08
High Yes

MitM attack in FortiToken Mobile 2022-06-08
Medium Yes

Multiple Vulnerabilities in IBM Netcool Agile Service Manager 2022-06-03
High Yes

Multiple vulnerabilities in Zoom Client 2022-05-24
Medium Yes

References

Description of CWE-297 on Mitre website