CVE-2021-22138

LOW Year: 2021
CVSS v3 Score
3.7
Low
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.

Related Vulnerabilities

CVE-2016-1000033

LOW
CVSS:3.7(Low)

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

CWE-2952016

CVE-2016-9015

LOW
CVSS:3.7(Low)

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the li...

CWE-2952016

CVE-2017-15528

LOW
CVSS:3.7(Low)

Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pub...

CWE-2952017

CVE-2019-4150

LOW
CVSS:3.7(Low)

IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) a...

CWE-2952019

CVE-2019-4654

LOW
CVSS:3.7(Low)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-F...

CWE-2952019

CVE-2020-9488

LOW
CVSS:3.7(Low)

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messa...

CWE-2952020