Vulnerability Details : CVE-2017-3190
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
Products affected by CVE-2017-3190
- cpe:2.3:a:axs:flash_seats:*:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:axs:flash_seats:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3190
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- Percentile: ~25% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-3190
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.9 | LOW | AV:A/AC:M/Au:N/C:P/I:N/A:N | 5.5 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 | NIST | |
CWE ids for CVE-2017-3190
- The product does not validate, or incorrectly validates, a certificate. Assigned by:
  - cret@cert.org (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2017-3190
- http://www.securityfocus.com/bid/96719
  Flash Seats for iOS CVE-2017-3190 SSL Certificate Validation Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-validate-ssl-certificates.392553/
  Flash Seats Mobile App for iOS fails to validate SSL certificates | Wilders Security Forums (Third Party Advisory)
- https://www.kb.cert.org/vuls/id/247016
  VU#247016 - Flash Seats Mobile App for Android and iOS fails to validate SSL certificates (Third Party Advisory; US Government Resource)