exploitDog

CVE-2019-6032

Опубликовано: 26 дек. 2019

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

http://jvn.jp/en/jp/JVN01236065/index.html
Third Party Advisory
https://play.google.com/store/apps/details?id=jp.co.ntv.news24&hl=en
Product
Third Party Advisory
http://jvn.jp/en/jp/JVN01236065/index.html
Third Party Advisory
https://play.google.com/store/apps/details?id=jp.co.ntv.news24&hl=en
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ntv:news_24:*:*:*:*:*:android:*:*

Версия до 3.0.0 (исключая)

EPSS

Процентиль: 34%

0.00138

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-f82c-2mg8-7m73

CVSS3: 7.4

github

больше 3 лет назад

The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS

Процентиль: 34%

0.00138

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-295