Lucene search
JpcertCVELIST:CVE-2018-0691HistoryNov 15, 2018 - 3:00 p.m.
CVE-2018-0691
2018-11-1515:00:00
jpcert
www.cve.org
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CNA Affected
[
{
"product": "Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23)",
"vendor": "Softbank, NTT docomo, KDDI",
"versions": [
{
"status": "affected",
"version": "Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23"
}
]
}
]Related
nvd
nvd
CVE-2018-0691
2018-11-15 15:29:00
jvn
jvn
JVN#37288228: +Message App fails to verify SSL server certificates
2018-09-27 00:00:00
cve
cve
CVE-2018-0691
2018-11-15 15:29:00
prion
prion
Code injection
2018-11-15 15:29:00