CVE-2016-1187
medium
CVSS v3
6.8
CVSS v2
4.3
VIR risk
6.8
Description
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
Predictions
Exploit likelihood
77%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: vultures@jpcert.or.jp — https://support.cybozu.com/ja-jp/article/9495
Vendor advisory: vultures@jpcert.or.jp — https://support.cybozu.com/ja-jp/article/9446
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cybozu | kunai | 2.1.2 | |
| cybozu | kunai | 2.1.3 | |
| cybozu | kunai | 3.0.0 | |
| cybozu | kunai | 3.0.1 | |
| cybozu | kunai | 3.0.2 | |
| cybozu | kunai | 3.0.3 | |
| cybozu | kunai | 3.0.4 | |
| cybozu | kunai | 2.0.3 | |
| cybozu | kunai | 2.0.3.1 | |
| cybozu | kunai | 2.0.4 | |
| cybozu | kunai | 2.0.5 | |
| cybozu | kunai | 2.1.0 | |
| cybozu | kunai | 2.1.1 | |
| cybozu | kunai | 3.0.5 | |
| cybozu | kunai | 3.0.6 | |
| cybozu | kunai | 3.0.7 | |
| cybozu | kunai | 3.1.0 | |
| cybozu | kunai | 3.1.1 | |
| cybozu | kunai | 3.1.2 | |
| cybozu | kunai | 3.1.3 | |
| cybozu | kunai | 3.1.4 | |
| cybozu | kunai | 3.1.5 | |
References
- http://jvn.jp/en/jp/JVN11994518/index.html
- http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html
- https://support.cybozu.com/ja-jp/article/9446
- https://support.cybozu.com/ja-jp/article/9495
CWEs
CWE-200