Vulnerability Description
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axs | Flash Seats | <= 1.9.51 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96719Third Party AdvisoryVDB Entry
- https://www.kb.cert.org/vuls/id/247016Third Party AdvisoryUS Government Resource
- https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-Third Party Advisory
- http://www.securityfocus.com/bid/96719Third Party AdvisoryVDB Entry
- https://www.kb.cert.org/vuls/id/247016Third Party AdvisoryUS Government Resource
- https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-Third Party Advisory
FAQ
What is CVE-2017-3190?
CVE-2017-3190 is a vulnerability with a CVSS score of 7.5 (HIGH). Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attac...
How severe is CVE-2017-3190?
CVE-2017-3190 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3190?
Check the references section above for vendor advisories and patch information. Affected products include: Axs Flash Seats.