Описание
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.9.51 (включая)
cpe:2.3:a:axs:flash_seats:*:*:*:*:*:iphone_os:*:*
Конфигурация 2Версия до 1.7.9 (включая)
cpe:2.3:a:axs:flash_seats:*:*:*:*:*:android:*:*
EPSS
Процентиль: 27%
0.00097
Низкий
7.5 High
CVSS3
2.9 Low
CVSS2
Дефекты
CWE-295
CWE-295
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
EPSS
Процентиль: 27%
0.00097
Низкий
7.5 High
CVSS3
2.9 Low
CVSS2
Дефекты
CWE-295
CWE-295