CVE-2024-40702

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-295
View all →

Vulnerability Description

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.

Related Vulnerabilities

CVE-2019-10446

HIGH
CVSS:8.2(High)

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.

CWE-2952019

CVE-2019-16558

HIGH
CVSS:8.2(High)

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.

CWE-2952019

CVE-2024-29072

HIGH
CVSS:8.2(High)

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low p...

CWE-2952024

CVE-2024-37311

HIGH
CVSS:8.2(High)

Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote...

CWE-2952024

CVE-2015-2318

HIGH
CVSS:8.1(High)

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a ...

CWE-2952015

CVE-2015-5263

HIGH
CVSS:8.1(High)

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.

CWE-2952015