exploitDog

GHSA-w8xw-59hx-9h9r

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.9

Описание

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

Ссылки

EPSS

Процентиль: 37%

0.00162

Низкий

5.9 Medium

CVSS3

CVE ID

Дефекты

CWE-295

Связанные уязвимости

CVE-2017-9968

CVSS3: 5.9

nvd

почти 8 лет назад

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

EPSS

Процентиль: 37%

0.00162

Низкий

5.9 Medium

CVSS3

CVE ID

Дефекты

CWE-295