Lucene search

K
cve[email protected]CVE-2015-5655
HistoryNov 10, 2015 - 3:59 a.m.

CVE-2015-5655

2015-11-1003:59:00
CWE-310
web.nvd.nist.gov
25
adways party track sdk
ios
man-in-the-middle attack
ssl
x.509 certificates
cve-2015-5655
nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

5.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.5%

The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected configurations

NVD
Node
adwaysparty_track_sdkRange1.6.5iphone_os

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

5.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.5%

Related for CVE-2015-5655