Vulnerability Details CVE-2017-3190
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 2.9
References
- http://www.securityfocus.com/bid/96719
- https://www.kb.cert.org/vuls/id/247016
- https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-validate-ssl-certificates.392553/
- http://www.securityfocus.com/bid/96719
- https://www.kb.cert.org/vuls/id/247016
- https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-validate-ssl-certificates.392553/
Products affected by CVE-2017-3190
-
cpe:2.3:a:axs:flash_seats:1.5
-
cpe:2.3:a:axs:flash_seats:1.5.0
-
cpe:2.3:a:axs:flash_seats:1.6
-
cpe:2.3:a:axs:flash_seats:1.6.0
-
cpe:2.3:a:axs:flash_seats:1.6.2
-
cpe:2.3:a:axs:flash_seats:1.7
-
cpe:2.3:a:axs:flash_seats:1.7.0
-
cpe:2.3:a:axs:flash_seats:1.7.9
-
cpe:2.3:a:axs:flash_seats:1.8
-
cpe:2.3:a:axs:flash_seats:1.8.1
-
cpe:2.3:a:axs:flash_seats:1.9.3
-
cpe:2.3:a:axs:flash_seats:1.9.31
-
cpe:2.3:a:axs:flash_seats:1.9.44
-
cpe:2.3:a:axs:flash_seats:1.9.45
-
cpe:2.3:a:axs:flash_seats:1.9.47
-
cpe:2.3:a:axs:flash_seats:1.9.48
-
cpe:2.3:a:axs:flash_seats:1.9.49
-
cpe:2.3:a:axs:flash_seats:1.9.50
-
cpe:2.3:a:axs:flash_seats:1.9.51