CWE-297 - Improper Validation of Certificate with Host Mismatch

Description

This weakness describes a case where software uses SSL/TLS connection but fails to properly verify that the certificate is associated withe the hostname.

Latest vulnerabilities for CWE-297

Multiple vulnerabilities in cURL 2024-03-27
Medium Yes

Multiple vulnerabilities in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 2024-03-04
Medium Yes

Improper validation of certificate with host mismatch in IBM Cloud Pak System 2024-01-05
Low Yes

Multiple vulnerabilities in Software Toolbox TOP Server 2023-12-05
High No

Multiple vulnerabilities in GE Digital Industrial Gateway Server 2023-12-05
High No

Multiple vulnerabilities in Rockwell Automation KEPServer Enterprise 2023-12-05
High No

Multiple vulnerabilities in PTC KEPServerEX, ThingWorx and OPC-Aggregator 2023-12-04
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps 2023-10-23
High Yes

Improper validation of certificate with host mismatch in IBM i 2023-10-23
Low Yes

Multiple vulnerabilities in IBM Spectrum Control 2023-10-09
Medium Yes

References

Description of CWE-297 on Mitre website