HIGH 7.5
CVE-2017-9245
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| news_and_weather | Android | <3.3.1 | cpe:2.3:a:google:news_and_weather:*:*:*:*:*:android:*:* |