How severe is CVE-2020-12614?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2020-12614?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2020-12614

HIGH Year: 2020

CVSS v3 Score

8.4

High

Weakness Type

CWE-295

View all →

Vulnerability Description

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

CVE-2022-32748

HIGH

CVSS:8.3(High)

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could l...

CWE-2952022

CVE-2024-40714

HIGH

CVSS:8.3(High)

An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.

CWE-2952024

CVE-2018-0277

HIGH

CVSS:8.6(High)

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow a...

CWE-2952018

CVE-2023-5594

HIGH

CVSS:8.6(High)

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.

CWE-2952023