Skip to main content

Lala Call

1 CVEs product

Monthly

CVE-2017-2103 MEDIUM PATCH This Month

The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Lala Call
NVD
CVSS 3.0
5.9
EPSS
0.3%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Lala Call
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy