CVE-2022-29082

MEDIUM Year: 2022
CVSS v3 Score
4.6
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-297
View all →

Vulnerability Description

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

Related Vulnerabilities

CVE-2024-7346

MEDIUM
CVSS:4.8(Medium)

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that...

CWE-2972024

CVE-2023-24568

MEDIUM
CVSS:4.3(Medium)

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.

CWE-2972023

CVE-2022-22305

MEDIUM
CVSS:4.2(Medium)

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x...

CWE-2972022

CVE-2022-48307

LOW
CVSS:3.7(Low)

It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position...

CWE-2972022

CVE-2022-48308

LOW
CVSS:3.7(Low)

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position ...

CWE-2972022

CVE-2014-3603

MEDIUM
CVSS:5.9(Medium)

The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain n...

CWE-2972014