CVE-2022-34865

CRITICAL Year: 2022
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-295
View all →

Vulnerability Description

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2014-8164

CRITICAL
CVSS:9.1(Critical)

A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.

CWE-2952014

CVE-2017-17944

CRITICAL
CVSS:9.1(Critical)

The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.

CWE-2952017

CVE-2017-17945

CRITICAL
CVSS:9.1(Critical)

The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.

CWE-2952017

CVE-2017-18911

CRITICAL
CVSS:9.1(Critical)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.

CWE-2952017

CVE-2018-5926

CRITICAL
CVSS:9.1(Critical)

A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier.

CWE-2952018

CVE-2019-17560

CRITICAL
CVSS:9.1(Critical)

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the downloa...

CWE-2952019