CVE-2017-5915

MEDIUM

Emirates NBD Bank P.J.S.C Emirates NBD KSA 3.10.0-3.10.4 (UAE) and 2.0.1-2.1.0 (KSA) - Improper Certificate Validation

Title source: llm

Description

The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References (1)

Core 1

Core References

Various Sources x_refsource_misc

https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f

Scores

CVSS v3 5.9

EPSS 0.0049

EPSS Percentile 38.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-295

Status published

Products (8)

emirates_nbd_bank_p.j.s.c/emirates_nbd 3.10.0

emirates_nbd_bank_p.j.s.c/emirates_nbd 3.10.1

emirates_nbd_bank_p.j.s.c/emirates_nbd 3.10.2

emirates_nbd_bank_p.j.s.c/emirates_nbd 3.10.3

emirates_nbd_bank_p.j.s.c/emirates_nbd 3.10.4

emirates_nbd_bank_p.j.s.c/emirates_nbd_ksa 2.0.0

emirates_nbd_bank_p.j.s.c/emirates_nbd_ksa 2.0.1

emirates_nbd_bank_p.j.s.c/emirates_nbd_ksa 2.1.0

Published May 05, 2017

Tracked Since Feb 18, 2026