Описание
The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 5.2.2 (включая)
Одно из
cpe:2.3:a:mufg:mitsubishi_ufj:*:*:*:*:android:*:*:*
cpe:2.3:a:mufg:mitsubishi_ufj:5.3.1:*:*:*:android:*:*:*
EPSS
Процентиль: 61%
0.00418
Низкий
3.1 Low
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
CVSS3: 3.1
github
больше 3 лет назад
The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication.
EPSS
Процентиль: 61%
0.00418
Низкий
3.1 Low
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-310