admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-59xx/CVE-2017-5915.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

140 lines
4.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-5915",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-05-05T07:29:00.747",
"lastModified": "2017-05-17T11:27:02.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Emirates NBD KSA versiones 3.10.0 hasta 3.10.4 (EAU) y versiones 2.0.1 hasta 2.1.0 (KSA) de Emirates NBD Bank P.J.S.C para iOS, no comprueba los certificados X.509 de servidores SSL, que permite a los atacantes de tipo man-in-the-middle falsificar los servidores y obtener informaci\u00f3n confidencial por medio de un certificado dise\u00f1ado."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6C000968-1D06-4855-A2E2-3AE05A41B25E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.1:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "4E769E56-C48B-4753-A9B1-7731DF8F7E4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.2:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "38329009-9B4A-4599-9E7A-82904300C583"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.3:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "BC46E6CA-DCF8-46FC-9C40-DB24A5965FFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.4:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E6C13E1C-AE6C-4634-BB64-76C605AB221B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.0.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D8655E7D-49C0-47C8-9611-237FBDBB3EBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.0.1:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "72E64F97-C55F-44E5-A46E-1B2A9C9FB305"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.1.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D7CF08A5-E592-4BFF-882D-389723ABE3C1"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink