PT-2019-12377 · Adobe+1 · Sdks+1
Pankaj Upadhyay
·
Published
2019-12-06
·
Updated
2019-12-11
·
CVE-2019-11554
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Audible application versions through 2.34.0 for Android
Description
The issue concerns missing SSL certificate validation for Adobe SDKs in the Audible application, allowing man-in-the-middle (MITM) attackers to cause a denial of service.
Recommendations
For versions through 2.34.0, update to a version that includes the fix for the missing SSL certificate validation issue.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sdks
Audible