CVE-2017-3194

EPSS 0.47%
Veröffentlicht 16.12.2017 02:29:10
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pandora ≫ Pandora SwPlatformiphone_os Version < 8.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.636

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.securityfocus.com/bid/97158

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018

Third Party Advisory

VDB Entry

https://www.kb.cert.org/vuls/id/342303

Third Party Advisory

US Government Resource

https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3194

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3194

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3194

EUVD