How severe is CVE-2017-3182?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2017-3182?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2017-3182 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud prevention and device identity capabilities. The ThreatMetrix SDK versions prior to 3.2 do not validate SSL certificates on the iOS platform. An affected application will communicate with https://h-sdk.online-metrix.net, regardless of whether the connection is secure or not. An attacker on the same network as or upstream from the iOS device may be able to view or modify ThreatMetrix network traffic that should have been protected by HTTPS.

Related Vulnerabilities

CVE-2006-7246

MEDIUM

CVSS:6.8(Medium)

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

CWE-2952006

CVE-2015-4100

MEDIUM

CVSS:6.8(Medium)

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authori...

CWE-2952015

CVE-2018-12205

MEDIUM

CVSS:6.8(Medium)

Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated u...

CWE-2952018

CVE-2018-16261

MEDIUM

CVSS:6.8(Medium)

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.

CWE-2952018

CVE-2019-3814

MEDIUM

CVSS:6.8(Medium)

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could p...

CWE-2952019

CVE-2019-3841

MEDIUM

CVSS:6.8(Medium)

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the...

CWE-2952019