CVE-2017-3190

HIGH

Flash Seats Mobile App < Android 1.7.9 and < iOS 1.9.51 - Improper Certificate Validation

Title source: llm

Description

Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-validate-ssl-certificates.392553/

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://www.kb.cert.org/vuls/id/247016

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96719

Scores

CVSS v3 7.5

EPSS 0.0042

EPSS Percentile 33.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-295

Status published

Products (4)

axs/flash_seats < 1.7.9

axs/flash_seats < 1.9.51

Flash Seats/Flash Seats Mobile App Android version 1.7.9 and earlier

Flash Seats/Flash Seats Mobile App iOS version 1.9.51 and earlier

Published Dec 16, 2017

Tracked Since Feb 18, 2026