Описание
Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data.
Ссылки
- Technical DescriptionThird Party Advisory
- Technical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.9.12 (включая)
cpe:2.3:a:nutfind:nutfind:*:*:*:*:*:android:*:*
EPSS
Процентиль: 37%
0.00159
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
github
больше 3 лет назад
Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data.
EPSS
Процентиль: 37%
0.00159
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295