CVE-2017-9245

HIGH

Google News and Weather <3.3.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.

References (3)

Core 3
Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Jul/36
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99892

Scores

CVSS v3 7.5
EPSS 0.0110
EPSS Percentile 61.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
google/news_and_weather < 3.3.1
Published Jul 19, 2017
Tracked Since Feb 18, 2026