CVE-2016-7805

Опубликовано: 09 июн. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

http://www.securityfocus.com/bid/94085
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN27260483/index.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/94085
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN27260483/index.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:unisys:mobigate:*:*:*:*:*:android:*:*

Версия до 2.2.1.2 (включая)

cpe:2.3:a:unisys:mobigate:*:*:*:*:*:iphone_os:*:*

Версия до 2.2.4.1 (включая)

EPSS

Процентиль: 39%

0.00177

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-r352-98mf-rfg9