CVE-2022-22305

MEDIUM Year: 2022
CVSS v3 Score
4.2
Medium
Weakness Type
CWE-297
View all →

Vulnerability Description

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.

Related Vulnerabilities

CVE-2023-24568

MEDIUM
CVSS:4.3(Medium)

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.

CWE-2972023

CVE-2022-29082

MEDIUM
CVSS:4.6(Medium)

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of...

CWE-2972022

CVE-2022-48307

LOW
CVSS:3.7(Low)

It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position...

CWE-2972022

CVE-2022-48308

LOW
CVSS:3.7(Low)

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position ...

CWE-2972022

CVE-2024-7346

MEDIUM
CVSS:4.8(Medium)

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that...

CWE-2972024

CVE-2014-3603

MEDIUM
CVSS:5.9(Medium)

The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain n...

CWE-2972014