Vulnerability Details CVE-2017-11132
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2017-11132
-
cpe:2.3:a:heinekingmedia:stashcat:1.5.10
-
cpe:2.3:a:heinekingmedia:stashcat:1.5.11
-
cpe:2.3:a:heinekingmedia:stashcat:1.5.12
-
cpe:2.3:a:heinekingmedia:stashcat:1.5.13
-
cpe:2.3:a:heinekingmedia:stashcat:1.5.14
-
cpe:2.3:a:heinekingmedia:stashcat:1.5.15
-
cpe:2.3:a:heinekingmedia:stashcat:1.5.16
-
cpe:2.3:a:heinekingmedia:stashcat:1.5.17
-
cpe:2.3:a:heinekingmedia:stashcat:1.5.7