CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Magento 1.9.x Multiple Man-In The Middle | 20.01.2016 | Maksymilian Arciemowic... |
| Med. | phpMyAdmin 4.4.6 Man-In-the-Middle to API Github | 14.05.2015 | Maksymilian Arciemowic... |
| Low | PicsArt Photo Studio For Android Insecure Management | 07.11.2014 | Fundacion Dr. Manuel S... |


CVEMAP Search Results

CVE
Details
Description
2019-01-09
Low
CVE-2018-16179

Vendor: Mizuhobank
Software: Mizuho direc...

The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

 
2018-12-17
Low
CVE-2017-1265

Vendor: IBM
Software: Security gua...

IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.

 
2018-12-05
Medium
CVE-2017-1622

Vendor: IBM
Software: Qradar incid...

IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 133120.

 
2018-10-31
Medium
CVE-2018-15326

Vendor: F5
Software: Big-ip acces...

In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List.

 
2018-10-24
Low
CVE-2018-18568

Vendor: Polycom
Software: Uc software

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.

 
Low
CVE-2018-18567

Vendor: Audiocodes
Software: 440hd firmware

AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.

 
2018-10-05
Medium
CVE-2018-0434

Vendor: Cisco
Software: Vmanage netw...

A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

 
2018-10-03
Low
CVE-2018-12087

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.

 
2018-10-02
Medium
CVE-2018-1509

Vendor: IBM
Software: Security gua...

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417.

 
2018-09-26
Low
CVE-2018-17215

Vendor: Getpostman
Software: Postman

An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).

 

 


Copyright 2019, cxsecurity.com

 
