← volver
CVE-2024-27440

CVE-2024-27440

CVSS 4.8 MEDIUMEPSS 0.2%CWE-295
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 mar 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Productos afectados
Toyoko Inn IT Solution Co., Ltd. · Toyoko Inn official App for AndroidToyoko Inn IT Solution Co., Ltd. · Toyoko Inn official App for iOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270https://jvn.jp/en/jp/JVN52919306/https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid