{
  "id": "CVE-2024-44097",
  "sourceIdentifier": "dsap-vuln-management@google.com",
  "published": "2024-10-02T14:15:05.670",
  "lastModified": "2024-10-02T14:15:05.670",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "According to the researcher: \"The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server.\""
    }
  ],
  "metrics": {},
  "weaknesses": [
    {
      "source": "dsap-vuln-management@google.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.google.com/product-documentation/answer/14950962?sjid=9489879942601373169-NA",
      "source": "dsap-vuln-management@google.com"
    }
  ]
}