Lucene search

Japan Vulnerability NotesJVN:52919306

HistoryMar 06, 2024 - 12:00 a.m.

JVN#52919306: Toyoko Inn official App vulnerable to improper server certificate verification

2024-03-0600:00:00

Japan Vulnerability Notes

jvn.jp

toyoko inn

app

vulnerability

server certificate

update

ios

android

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

15.5%

JSON

Toyoko Inn official App provided by Toyoko Inn IT Solution Co., Ltd. is vulnerable to improper server certificate verification (CWE-295).

Impact

A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

Solution

Update the application
Update the application to the latest version according to the information provided by the developer.

Products Affected

Toyoko Inn official App for iOS versions prior to 1.13.0
Toyoko Inn official App for Android versions prior 1.3.14

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for JVN:52919306