← voltar
CVE-2024-27440

CVE-2024-27440

CVSS 4.8 MEDIUMEPSS 0.2%CWE-295
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 mar 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Produtos afetados
Toyoko Inn IT Solution Co., Ltd. · Toyoko Inn official App for AndroidToyoko Inn IT Solution Co., Ltd. · Toyoko Inn official App for iOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270https://jvn.jp/en/jp/JVN52919306/https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid