CVE-2019-6702

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier.

Ссылки

http://packetstormsecurity.com/files/151524/Qkr-With-MasterPass-Man-In-The-Middle.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/21
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Feb/28
Mailing List
Third Party Advisory
https://www.info-sec.ca/advisories/Qkr-MasterCard.html
Third Party Advisory
http://packetstormsecurity.com/files/151524/Qkr-With-MasterPass-Man-In-The-Middle.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/21
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Feb/28
Mailing List
Third Party Advisory
https://www.info-sec.ca/advisories/Qkr-MasterCard.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mastercard:qkr\!_with_masterpass:*:*:*:*:*:iphone_os:*:*

Версия до 5.0.8 (исключая)

EPSS

Процентиль: 73%

0.00746

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-wp8m-443x-323m