MEDIUM 5.9
CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected mobile apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| apple | iOS | — | cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:* | |
| gmail | Android | — | cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:* | |
| gmail | iOS | — | cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:* |