CVE-2016-6550

MEDIUM

U by BB&T app <1.5.4 - XSS

Title source: llm

Description

The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References (2)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/338624

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93259

Scores

CVSS v3 5.4

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-310

Status published

Affected Products (2)

bb\&t/the_u < 1.5.4

n/a/n/a

Timeline

Published Oct 05, 2016

Tracked Since Feb 18, 2026