CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14710

The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.7%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/
https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/

Products affected by CVE-2017-14710

Shein » Shein-Fashion Shopping Online » Version: N/A

cpe:2.3:a:shein:shein-fashion_shopping_online:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14710

Products

Pricing

Contact Us