CVE-2017-5915

Published May 5, 2017

Last updated a year ago

Overview

Description: The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-295

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.0:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C000968-1D06-4855-A2E2-3AE05A41B25E"
          },
          {
            "criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.1:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E769E56-C48B-4753-A9B1-7731DF8F7E4E"
          },
          {
            "criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.2:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38329009-9B4A-4599-9E7A-82904300C583"
          },
          {
            "criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.3:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC46E6CA-DCF8-46FC-9C40-DB24A5965FFA"
          },
          {
            "criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd:3.10.4:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6C13E1C-AE6C-4634-BB64-76C605AB221B"
          },
          {
            "criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.0.0:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8655E7D-49C0-47C8-9611-237FBDBB3EBD"
          },
          {
            "criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.0.1:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72E64F97-C55F-44E5-A46E-1B2A9C9FB305"
          },
          {
            "criteria": "cpe:2.3:a:emirates_nbd_bank_p.j.s.c:emirates_nbd_ksa:2.1.0:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7CF08A5-E592-4BFF-882D-389723ABE3C1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References