Refine your search
1 vulnerability found for Access CX App for iOS by NISSAN SECURITIES CO., LTD.
CVE-2017-2110 (GCVE-0-2017-2110)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to verify SSL certificates
Summary
The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NISSAN SECURITIES CO., LTD. | Access CX App for Android |
Version: prior to Ver2.0.0.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#82619692",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN82619692/index.html"
},
{
"name": "96615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96615"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access CX App for Android",
"vendor": "NISSAN SECURITIES CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to Ver2.0.0.1"
}
]
},
{
"product": "Access CX App for iOS",
"vendor": "NISSAN SECURITIES CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to Ver2.0.2"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#82619692",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN82619692/index.html"
},
{
"name": "96615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96615"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access CX App for Android",
"version": {
"version_data": [
{
"version_value": "prior to Ver2.0.0.1"
}
]
}
},
{
"product_name": "Access CX App for iOS",
"version": {
"version_data": [
{
"version_value": "prior to Ver2.0.2"
}
]
}
}
]
},
"vendor_name": "NISSAN SECURITIES CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#82619692",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN82619692/index.html"
},
{
"name": "96615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96615"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2110",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}