CWE-296 · Improper Following of a Certificate's Chain of Trust
16 CVEs classified under CWE-296 (Improper Following of a Certificate's Chain of Trust).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-23155 | Critical | 9.0 | 2021-11-18 | Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This i… |
| CVE-2026-27134 | High | 8.1 | 2026-02-20 | Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when… |
| CVE-2025-1146 | High | 8.1 | 2025-02-12 | CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has ide… |
| CVE-2019-3890 | High | 8.1 | 2019-08-01 | It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential informatio… |
| CVE-2021-23162 | High | 7.7 | 2021-11-18 | Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This… |
| CVE-2019-3762 | High | 7.5 | 2020-03-18 | Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attac… |
| CVE-2021-1566 | High | 7.4 | 2021-06-16 | A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco We… |
| CVE-2026-44852 | High | 7.2 | 2026-05-12 | An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download… |
| CVE-2026-33779 | Medium | 6.5 | 2026-04-09 | An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the commun… |
| CVE-2026-27133 | Medium | 5.9 | 2026-02-20 | Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a cha… |
| CVE-2026-42789 | Medium | 4.8 | 2026-05-27 | Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as… |
| CVE-2025-10539 | Medium | 4.8 | 2026-04-28 | Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path… |
| CVE-2025-22459 | Medium | 4.8 | 2025-04-08 | Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to inter… |
| CVE-2024-43196 | Medium | 4.3 | 2025-02-20 | IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to… |
| CVE-2025-48057 | | | 2025-05-27 | Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Pr… |
| CVE-2021-44532 | | | 2022-02-24 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certifica… |