5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.7%
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
jvn.jp/en/jp/JVN01014759/index.html
www.securityfocus.com/bid/96004