CVE-2017-3213

Опубликовано: 05 мая 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

http://www.kb.cert.org/vuls/id/276408
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/98308
Third Party Advisory
VDB Entry
https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f
http://www.kb.cert.org/vuls/id/276408
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/98308
Third Party Advisory
VDB Entry
https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:think_mutual_bank:think_mutual_bank_mobile_banking_app:3.1.5:*:*:*:*:iphone_os:*:*

EPSS

Процентиль: 45%

0.00223

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-cwwc-9r7p-wq9x