CVE-2017-5915

MEDIUM

Emirates Nbd - Improper Certificate Validation

Title source: rule

Description

The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References (1)

Scores

CVSS v3 5.9
EPSS 0.0012
EPSS Percentile 31.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-295
Status published
Products (9)
emirates_nbd_bank_p.j.s.c/emirates_nbd
emirates_nbd_bank_p.j.s.c/emirates_nbd
emirates_nbd_bank_p.j.s.c/emirates_nbd
emirates_nbd_bank_p.j.s.c/emirates_nbd
emirates_nbd_bank_p.j.s.c/emirates_nbd
emirates_nbd_bank_p.j.s.c/emirates_nbd_ksa
emirates_nbd_bank_p.j.s.c/emirates_nbd_ksa
emirates_nbd_bank_p.j.s.c/emirates_nbd_ksa
n/a/n/a
Published May 05, 2017
Tracked Since Feb 18, 2026