CVE-2017-2110

The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
Link Resource
http://jvn.jp/en/jp/JVN82619692/index.html Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96615 Third Party Advisory VDB Entry
http://jvn.jp/en/jp/JVN82619692/index.html Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96615 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nissan_securities:access_cx:*:*:*:*:*:android:*:*
cpe:2.3:a:nissan_securities:access_cx:*:*:*:*:*:iphone_os:*:*

History

21 Nov 2024, 03:22

Type Values Removed Values Added
References () http://jvn.jp/en/jp/JVN82619692/index.html - Third Party Advisory, VDB Entry () http://jvn.jp/en/jp/JVN82619692/index.html - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/96615 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/96615 - Third Party Advisory, VDB Entry

Information

Published : 2017-04-28 16:59

Updated : 2024-11-21 03:22


NVD link : CVE-2017-2110

Mitre link : CVE-2017-2110

CVE.ORG link : CVE-2017-2110


JSON object : View

Products Affected

nissan_securities

  • access_cx
CWE
CWE-295

Improper Certificate Validation