Lucene search

Japan Vulnerability NotesJVN:30260727

HistoryJun 29, 2016 - 12:00 a.m.

JVN#30260727: Sushiro App fails to verify SSL server certificates

2016-06-2900:00:00

Japan Vulnerability Notes

jvn.jp

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.2%

JSON

Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates.

Impact

A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

Solution

Update the Application
Update to the latest version according to the information provided by the developer.

Products Affected

Sushiro App for iOS version 2.1.16 and earlier
Sushiro App for Android version 2.1.16.1 and earlier

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.2%

JSON

Related for JVN:30260727