Design/Logic Flaw

2017-12-1602:29:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

JSON

Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

CPENameOperatorVersion
pandoralt8.3.2

CPE	Name	Operator	Version
	pandora	lt	8.3.2

References

www.securityfocus.com/bid/97158

exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018

www.kb.cert.org/vuls/id/342303

www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/