Executive Summary

Informations
NameCVE-2017-3182First vendor Publication2018-07-24
VendorCveLast vendor Modification2018-10-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score4.3Attack RangeAdjacent network
Cvss Impact Score4.9Attack ComplexityMedium
Cvss Expoit Score5.5AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud prevention and device identity capabilities. The ThreatMetrix SDK versions prior to 3.2 do not validate SSL certificates on the iOS platform. An affected application will communicate with https://h-sdk.online-metrix.net, regardless of whether the connection is secure or not. An attacker on the same network as or upstream from the iOS device may be able to view or modify ThreatMetrix network traffic that should have been protected by HTTPS.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3182

CWE : Common Weakness Enumeration

%idName
100 %CWE-295Certificate Issues

Sources (Detail)

SourceUrl
BID https://www.securityfocus.com/bid/95360
CERT-VN https://www.kb.cert.org/vuls/id/767208

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2018-10-02 21:19:59
  • Multiple Updates
2018-07-24 21:19:44
  • First insertion