CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14612

"Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.0%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/
https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/

Products affected by CVE-2017-14612

Shpock » Shpock » Version: Any

cpe:2.3:a:shpock:shpock:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14612

Products

Pricing

Contact Us