Cnnmoney Portfolio
1 CVEs
product
Monthly
The CNNMoney Portfolio (aka com.cnn.cnnmoney) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.
Google
Information Disclosure
Cnnmoney Portfolio
NVD
CVSS 2.0
5.4
EPSS
0.1%
EPSS 0%
CVSS 5.4
MEDIUM
This Month
The CNNMoney Portfolio (aka com.cnn.cnnmoney) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.
Google
Information Disclosure
Cnnmoney Portfolio
NVD