CVE-2022-48306

MEDIUM Year: 2022
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-297
View all →

Vulnerability Description

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.

Related Vulnerabilities

CVE-2020-15260

MEDIUM
CVSS:6.8(Medium)

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJ...

CWE-2972020

CVE-2021-33695

MEDIUM
CVSS:6.8(Medium)

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.

CWE-2972021

CVE-2016-1280

MEDIUM
CVSS:6.5(Medium)

PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 b...

CWE-2972016

CVE-2024-2466

MEDIUM
CVSS:6.5(Medium)

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when t...

CWE-2972024

CVE-2024-38324

MEDIUM
CVSS:6.5(Medium)

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an ...

CWE-2972024

CVE-2025-42921

MEDIUM
CVSS:6.5(Medium)

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

CWE-2972025