Vulnerability Details : CVE-2013-4873
The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
Exploit prediction scoring system (EPSS) score for CVE-2013-4873
Probability of exploitation activity in the next 30 days: 0.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4873
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-4873
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4873
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/85823
Tumblr for iOS unspecified information disclosure CVE-2013-4873 Vulnerability Report
-
https://itunes.apple.com/us/app/tumblr/id305343404
Tumblr on the App StorePatch
-
http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/
Tumblr's iOS fix for clear-text password login howler was WEEKS LATE • The Register
-
http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users
TumblrVendor Advisory
Products affected by CVE-2013-4873
- cpe:2.3:a:yahoo:tumblr:*:-:*:*:*:iphone_os:*:*