VDB
CVE-2017-3194
CVE-2017-3194
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
EPSS 0.47% · 65.1th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
0.47%
65.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pandora | pandora | 0 |
| Pandora Media, Inc. | Pandora iOS App | Prior to 8.3.2 |
Timeline
- Dec 15, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- VU#342303 third-party-advisory
- https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018 url
- 97158 vdb
- https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/ url
- https://nvd.nist.gov/vuln/detail/CVE-2017-3194 advisory
- https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106 url