1 results (0.004 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. La aplicación Zoho Site24x7 Mobile Network Poller en versiones anteriores a 1.1.5 para Android no verifica los certificados de los servidores SSL, lo que permite que los atacantes Man-in-the-Middle (MitM) suplanten servidores y obtengan información sensible mediante un certificado autofirmado. • http://www.securityfocus.com/bid/101091 https://wwws.nightwatchcybersecurity.com/2017/09/27/zoho-site24x7-mobile-network-poller-for-android-didnt-properly-validate-ssl-cve-2017-14582 • CWE-295: Improper Certificate Validation •