CVE-2022-32748

HIGH Year: 2022
CVSS v3 Score
8.3
High
Weakness Type
CWE-295
View all →

Vulnerability Description

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)

Related Vulnerabilities

CVE-2024-40714

HIGH
CVSS:8.3(High)

An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.

CWE-2952024

CVE-2020-12614

HIGH
CVSS:8.4(High)

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (...

CWE-2952020

CVE-2019-10446

HIGH
CVSS:8.2(High)

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.

CWE-2952019

CVE-2019-16558

HIGH
CVSS:8.2(High)

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.

CWE-2952019

CVE-2024-29072

HIGH
CVSS:8.2(High)

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low p...

CWE-2952024

CVE-2024-37311

HIGH
CVSS:8.2(High)

Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote...

CWE-2952024