CVE Vulnerabilities

CVE-2017-3190

Improper Certificate Validation

Published: Dec 16, 2017 | Modified: Oct 09, 2019
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
2.9 LOW
AV:A/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Flash_seats Axs * 1.9.51 (including)

Potential Mitigations

References