CVE-2024-41724

HIGH Year: 2024
CVSS v3 Score
8.7
High
Weakness Type
CWE-295
View all →

Vulnerability Description

Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.

Related Vulnerabilities

CVE-2020-15133

HIGH
CVSS:8.7(High)

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine t...

CWE-2952020

CVE-2020-15134

HIGH
CVSS:8.7(High)

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `...

CWE-2952020

CVE-2018-0277

HIGH
CVSS:8.6(High)

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow a...

CWE-2952018

CVE-2023-5594

HIGH
CVSS:8.6(High)

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.

CWE-2952023

CVE-2017-11364

HIGH
CVSS:8.8(High)

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate ...

CWE-2952017

CVE-2017-3218

HIGH
CVSS:8.8(High)

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.

CWE-2952017