CVE-2024-39771

MEDIUM Year: 2024
CVSS v3 Score
4.2
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.

Related Vulnerabilities

CVE-2016-7815

MEDIUM
CVSS:4.2(Medium)

Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.

CWE-2952016

CVE-2020-15719

MEDIUM
CVSS:4.2(Medium)

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectA...

CWE-2952020

CVE-2022-45457

MEDIUM
CVSS:4.2(Medium)

Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (W...

CWE-2952022

CVE-2022-45458

MEDIUM
CVSS:4.2(Medium)

Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber...

CWE-2952022

CVE-2023-31151

MEDIUM
CVSS:4.2(Medium)

An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to co...

CWE-2952023

CVE-2023-38009

MEDIUM
CVSS:4.2(Medium)

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

CWE-2952023