PT-2017-16755 · Emirates Nbd · Emirates Nbd Ksa App

Publicado

2017-05-05

Atualizado

2017-05-17

CVE-2017-5915

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Emirates NBD KSA app versions 2.0.1 through 2.1.0 Emirates NBD KSA app versions 3.10.0 through 3.10.4

Description The issue concerns the failure to verify X.509 certificates from SSL servers, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Recommendations For versions 2.0.1 through 2.1.0, consider disabling the use of SSL connections until a patch is available. For versions 3.10.0 through 3.10.4, consider disabling the use of SSL connections until a patch is available.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2017-5915

Produtos afetados

Emirates Nbd Ksa App

PT-2017-16755 · Emirates Nbd · Emirates Nbd Ksa App

CVE-2017-5915

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3