CVE-2013-4699 : The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does

The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published 2013-08-21 16:55:11

Updated 2025-04-11 00:51:22

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2013-4699

Yahoo » Yafuoku! » For Android
Versions up to, including, (<=) 4.3.0
cpe:2.3:a:yahoo:yafuoku\!:*:*:*:*:*:android:*:*
Matching versions
Yahoo » Yafuoku! » For Iphone Os
Versions up to, including, (<=) 4.3.0
cpe:2.3:a:yahoo:yafuoku\!:*:*:*:*:*:iphone_os:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-4699

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-4699

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2013-4699

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-4699

http://jvn.jp/en/jp/JVN68156832/index.html

JVN#68156832: Yafuoku! contains an issue where it fails to verify SSL server certificates
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078

JVNDB-2013-000078 - JVN iPedia - 脆弱性対策情報データベース

Jump to

Vulnerability Details : CVE-2013-4699

Products affected by CVE-2013-4699

Exploit prediction scoring system (EPSS) score for CVE-2013-4699

CVSS scores for CVE-2013-4699

CWE ids for CVE-2013-4699

References for CVE-2013-4699