CVE-2017-5602
Published Feb 9, 2017
Last updated 8 years ago
Overview
- Description
- An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F9E65AE-5D32-465B-B629-F3639306BE81"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61B578FA-28F7-484E-945C-45B271BDB1F0"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9C68990-0DDB-4D89-AB76-DBECFA7350A3"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD1E2A71-147A-45C6-8886-FC4051AD9083"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "126ACD34-E4FA-4A31-9B62-B66C3A1ABB48"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17D06FF3-DD54-4D7A-B731-14071458382F"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29576A29-0835-4BFA-A0D9-7E48EB24E1AA"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F116DCC5-6D42-4EFF-B710-FD83A2E53B5B"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4ACB74B1-195E-44B6-9F71-CFA58E223EFD"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2130786E-DBB4-4B89-AD13-5B53499A5539"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F3658FF-8F5F-440B-9824-6974A6D0A88B"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4CB32B5-4234-4204-9D57-92A348354E7E"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E638252-1EAC-41AD-B38A-CD2DEE90AA47"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C9B3968-131D-4CBF-A76D-1CE2D91D8FC6"
},
{
"criteria": "cpe:2.3:a:jappix_project:jappix:1.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C82A3CE-1FB3-48DF-A05F-43A79148C886"
}
],
"operator": "OR"
}
]
}
]