CVE-2023-29501

2023-06-1300:00:00

jpcert

www.cve.org

jiyu kukan toku-toku

coupon app

improper server certificate

man-in-the-middle

eavesdrop

encrypted communication

ios

android

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.7%

JSON

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

CNA Affected

[
  {
    "vendor": "RUNSYSTEM CO.,LTD.",
    "product": "Jiyu Kukan Toku-Toku coupon App for iOS, and Jiyu Kukan Toku-Toku coupon App for Android",
    "versions": [
      {
        "version": "Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier",
        "status": "affected"
      }
    ]
  }
]