Refine your search
1 vulnerability found for by Toyoko Inn IT Solution Co., Ltd.
CVE-2024-27440 (GCVE-0-2024-27440)
Vulnerability from cvelistv5
Published
2024-03-13 05:40
Modified
2024-08-05 13:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper server certificate verification
Summary
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toyoko Inn IT Solution Co., Ltd. | Toyoko Inn official App for iOS |
Version: prior to 1.13.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN52919306/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:toyoko_inn:toyoko_inn:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "toyoko_inn",
"vendor": "toyoko_inn",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T14:30:43.556851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T13:41:39.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Toyoko Inn official App for iOS",
"vendor": "Toyoko Inn IT Solution Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to 1.13.0"
}
]
},
{
"product": "Toyoko Inn official App for Android",
"vendor": "Toyoko Inn IT Solution Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior 1.3.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don\u0027t properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper server certificate verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T05:40:22.838Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270"
},
{
"url": "https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid"
},
{
"url": "https://jvn.jp/en/jp/JVN52919306/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-27440",
"datePublished": "2024-03-13T05:40:22.838Z",
"dateReserved": "2024-02-26T01:49:51.712Z",
"dateUpdated": "2024-08-05T13:41:39.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}