CVE-2017-5915

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

he Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References

Link	Resource
https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f
https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.0:::::iphone_os::
	cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.1:::::iphone_os::
	cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.2:::::iphone_os::
	cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.3:::::iphone_os::
	cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.4:::::iphone_os::
	cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.0.0:::::iphone_os::
	cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.0.1:::::iphone_os::
	cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.1.0:::::iphone_os::

History

21 Nov 2024, 03:28

Type	Values Removed	Values Added
References	~~() https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f -~~	() https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f -

Information

Published : 2017-05-05 07:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-5915

Mitre link : CVE-2017-5915

CVE.ORG link : CVE-2017-5915

JSON object : View

Products Affected

emirates_nbd_bank_p.j.s.c

CWE

CWE-295

Improper Certificate Validation

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-5915

5.9^/10

4.3^/10

Attach tags to `CVE-2017-5915`