{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31537?format=json","vulnerability_id":"VCID-wzsw-pez2-gbch","summary":"Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.\nThis issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.","aliases":[{"alias":"CVE-2024-43107"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107","reference_id":"CVE-2024-43107","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T17:13:06Z/"}],"url":"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107"}],"weaknesses":[{"cwe_id":295,"name":"Improper Certificate Validation","description":"The product does not validate, or incorrectly validates, a certificate."}],"exploits":[],"severity_range_score":"7.2 - 7.2","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzsw-pez2-gbch"}