CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-2993

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.067

EPSS Ranking 90.9%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 2.6

References

http://osvdb.org/85619
http://www.kb.cert.org/vuls/id/389795
http://www.securityfocus.com/bid/55569
http://www.securitytracker.com/id?1027541
https://exchange.xforce.ibmcloud.com/vulnerabilities/78620
http://osvdb.org/85619
http://www.kb.cert.org/vuls/id/389795
http://www.securityfocus.com/bid/55569
http://www.securitytracker.com/id?1027541
https://exchange.xforce.ibmcloud.com/vulnerabilities/78620

Products affected by CVE-2012-2993

Microsoft » Windows Phone 7 » Version: N/A

cpe:2.3:h:microsoft:windows_phone_7:-
Microsoft » Windows Phone 7 Firmware » Version: N/A

cpe:2.3:o:microsoft:windows_phone_7_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-2993

Products

Pricing

Contact Us