CVE-2023-31151

MEDIUM Year: 2023
CVSS v3 Score
4.2
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details.

Related Vulnerabilities

CVE-2016-7815

MEDIUM
CVSS:4.2(Medium)

Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.

CWE-2952016

CVE-2020-15719

MEDIUM
CVSS:4.2(Medium)

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectA...

CWE-2952020

CVE-2022-45457

MEDIUM
CVSS:4.2(Medium)

Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (W...

CWE-2952022

CVE-2022-45458

MEDIUM
CVSS:4.2(Medium)

Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber...

CWE-2952022

CVE-2023-38009

MEDIUM
CVSS:4.2(Medium)

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

CWE-2952023

CVE-2024-28162

MEDIUM
CVSS:4.2(Medium)

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to ...

CWE-2952024