exploitDog

CVE-2015-2968

Опубликовано: 31 окт. 2023

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.

Ссылки

http://official-blog.line.me/ja/archives/36495925.html
Vendor Advisory
https://jvn.jp/en/jp/JVN22546110/
Third Party Advisory
http://official-blog.line.me/ja/archives/36495925.html
Vendor Advisory
https://jvn.jp/en/jp/JVN22546110/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:line:line\@:1.0.0:*:*:*:*:android:*:*

cpe:2.3:a:line:line\@:1.0.0:*:*:*:*:iphone_os:*:*

EPSS

Процентиль: 31%

0.00115

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-924

Связанные уязвимости

GHSA-4qwg-3cm6-6646

CVSS3: 5.9

github

больше 2 лет назад

LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.

EPSS

Процентиль: 31%

0.00115

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-924