Vulnerability Details CVE-2013-7201
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.4%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.8
References
- http://secunia.com/advisories/57351
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92098
- https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/
- http://secunia.com/advisories/57351
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92098
- https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/
Products affected by CVE-2013-7201
-
cpe:2.3:a:paypal:paypal:3.1.1.1
-
cpe:2.3:a:paypal:paypal:3.3.0.0
-
cpe:2.3:a:paypal:paypal:3.4.0.0
-
cpe:2.3:a:paypal:paypal:4.0.0.1
-
cpe:2.3:a:paypal:paypal:4.1.0.0
-
cpe:2.3:a:paypal:paypal:4.4.1.0
-
cpe:2.3:a:paypal:paypal:5.0.1
-
cpe:2.3:a:paypal:paypal:5.1.3
-
cpe:2.3:a:paypal:paypal:5.3