Vulnerability Description
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%
- https://jvn.jp/en/jp/JVN52919306/
- https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid
- https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%
- https://jvn.jp/en/jp/JVN52919306/
- https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid
FAQ
What is CVE-2024-27440?
CVE-2024-27440 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle a...
How severe is CVE-2024-27440?
CVE-2024-27440 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-27440?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.