CVE-2021-32755

EPSS 0.31%
Veröffentlicht 13.07.2021 21:15:07
Zuletzt bearbeitet 21.11.2024 06:07:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Certificate pinning is not enforced on the web socket connection

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wire ≫ Wire Version < 3.84

Apple ≫ iPhone OS Version >= 13.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.229

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-32755

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32755

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32755

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-32755