MEDIUM 5.9 Publié le 2017-09-30

CVE-2017-14582

The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.

CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations CPE vulnérables

Vendor	Produit	Plateforme	Versions	CPE 2.3 URI
zohocorp	site24x7_mobile_network_poller	Android	≤1.1.4	cpe:2.3:a:zohocorp:site24x7_mobile_network_poller::::::android::*

Voir sur NVD ↗