4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.7%
“Jiyu Kukan Toku-Toku coupon” App provided by RUNSYSTEM CO.,LTD. is vulnerable to improper server certificate verification (CWE-295).
A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.
Update the application
Update the application to the latest version according to the information provided by the developer.
Apply the workaround
Applying the following workarounds may mitigate the impacts of this vulnerability.