CVE-2021-27768

MEDIUM

Android App - Info Disclosure

Title source: llm

Description

Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode while a certificate with an invalid hostname was active. The Android application was found to have hostname verification issues during the server setup and login flows; however, the application did not process requests post-login.

References (1)

[Vendor Advisory] https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097753

Scores

CVSS v3 6.3

EPSS 0.0009

EPSS Percentile 26.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Classification

CWE

CWE-295 CWE-300

Status published

Affected Products (1)

hcltech/verse < 12.0.9

Timeline

Published May 12, 2022

Tracked Since Feb 18, 2026