Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2018-0691

Published: 15/11/2018 Updated: 04/02/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

softbank \\+_message

kddi \\+_message

ntttocomo \\+_message

ntt_tocomo \\+_message

References

CWE-295https://www.softbank.jp/mobile/info/personal/news/service/20180927a/https://www.nttdocomo.co.jp/info/notice/page/180927_00.htmlhttps://www.au.com/information/notice_mobile/service/2018-002/http://jvn.jp/en/jp/JVN37288228/index.htmlhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middlecommand injectionCVE-2021-47511CVE-2024-26238CVE-2024-4858CVE-2024-21305XXECVE-2021-47555CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook