MEDIUM 5.9 Published on 2017-02-09

CVE-2017-5590

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS).

CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
chatsecure	chatsecure	iOS	—	cpe:2.3:a:chatsecure:chatsecure:3.2.0:::::iphone_os::
chatsecure	chatsecure	iOS	—	cpe:2.3:a:chatsecure:chatsecure:3.2.1:::::iphone_os::
chatsecure	chatsecure	iOS	—	cpe:2.3:a:chatsecure:chatsecure:3.2.2:::::iphone_os::
chatsecure	chatsecure	iOS	—	cpe:2.3:a:chatsecure:chatsecure:3.2.3:::::iphone_os::
chatsecure	chatsecure	iOS	—	cpe:2.3:a:chatsecure:chatsecure:4.0.0:::::iphone_os::
zom	zom	iOS	≤1.0.11	cpe:2.3:a:zom:zom::::::iphone_os::*

View on NVD ↗