Japan Vulnerability NotesJVN:33836375JVN#33836375: "Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.7%
“Jiyu Kukan Toku-Toku coupon” App provided by RUNSYSTEM CO.,LTD. is vulnerable to improper server certificate verification (CWE-295).
Impact
A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.
Solution
Update the application
Update the application to the latest version according to the information provided by the developer.
Apply the workaround
Applying the following workarounds may mitigate the impacts of this vulnerability.
- Use the application while connected to the carrier’s network or a trusted Wi-Fi access point
Products Affected
- Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier
- Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier
Related
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.7%