CVE-2024-45205

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-295
View all →

Vulnerability Description

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later).

Related Vulnerabilities

CVE-2019-16561

HIGH
CVSS:7.1(High)

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM.

CWE-2952019

CVE-2023-2422

HIGH
CVSS:7.1(High)

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a prop...

CWE-2952023

CVE-2020-8156

HIGH
CVSS:7.0(High)

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.

CWE-2952020

CVE-2021-22189

HIGH
CVSS:7.2(High)

Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.

CWE-2952021

CVE-2021-40831

HIGH
CVSS:7.2(High)

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation i...

CWE-2952021

CVE-2022-32152

HIGH
CVSS:7.2(High)

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by defa...

CWE-2952022