CVE-2016-4818

Опубликовано: 20 апр. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates.

Ссылки

http://fx.dmm.com/information/press/2016/2016053001/
Vendor Advisory
http://jvn.jp/en/jp/JVN40898764/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000092.html
Third Party Advisory
VDB Entry
http://www.gaitamejapan.com/support/news/2016/2016053001/
Third Party Advisory
https://jvn.jp/en/jp/JVN40898764/995849/index.html
Third Party Advisory
VDB Entry
http://fx.dmm.com/information/press/2016/2016053001/
Vendor Advisory
http://jvn.jp/en/jp/JVN40898764/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000092.html
Third Party Advisory
VDB Entry
http://www.gaitamejapan.com/support/news/2016/2016053001/
Third Party Advisory
https://jvn.jp/en/jp/JVN40898764/995849/index.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dmm:dmmfx_demo_trade:*:*:*:*:*:android:*:*

Версия до 1.5.0 (включая)

cpe:2.3:a:dmm:dmmfx_trade:*:*:*:*:*:android:*:*

Версия до 1.5.0 (включая)

cpe:2.3:a:dmm:gaitamejapan_fx_trade:*:*:*:*:*:android:*:*

Версия до 1.4.0 (включая)

EPSS

Процентиль: 68%

0.00565

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-972m-28wj-hr23