CVE-2017-5915

{"id": "CVE-2017-5915", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2017-05-05T07:29:00.747", "references": [{"url": "https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."}, {"lang": "es", "value": "La aplicaci\u00f3n Emirates NBD KSA versiones 3.10.0 hasta 3.10.4 (EAU) y versiones 2.0.1 hasta 2.1.0 (KSA) de Emirates NBD Bank P.J.S.C para iOS, no comprueba los certificados X.509 de servidores SSL, que permite a los atacantes de tipo man-in-the-middle falsificar los servidores y obtener informaci\u00f3n confidencial por medio de un certificado dise\u00f1ado."}], "lastModified": "2023-11-07T02:49:47.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.0:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "6C000968-1D06-4855-A2E2-3AE05A41B25E"}, {"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.1:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "4E769E56-C48B-4753-A9B1-7731DF8F7E4E"}, {"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.2:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "38329009-9B4A-4599-9E7A-82904300C583"}, {"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.3:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "BC46E6CA-DCF8-46FC-9C40-DB24A5965FFA"}, {"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.4:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "E6C13E1C-AE6C-4634-BB64-76C605AB221B"}, {"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.0.0:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "D8655E7D-49C0-47C8-9611-237FBDBB3EBD"}, {"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.0.1:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "72E64F97-C55F-44E5-A46E-1B2A9C9FB305"}, {"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.1.0:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "D7CF08A5-E592-4BFF-882D-389723ABE3C1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}