Vulnerability Details CVE-2017-3213
The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.9%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://www.kb.cert.org/vuls/id/276408
- http://www.securityfocus.com/bid/98308
- https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f
- http://www.kb.cert.org/vuls/id/276408
- http://www.securityfocus.com/bid/98308
- https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f
Products affected by CVE-2017-3213
-
cpe:2.3:a:think_mutual_bank:think_mutual_bank_mobile_banking_app:3.1.5