Description

TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App.

Related CPE's

Could not find any relations

References

https://jvn.jp/en/jp/JVN28515217/

https://tone.ne.jp/vulnerability/14492007.html

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-419

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

3.7 · Low

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-07-10T07:15:03.247

3 months ago

Last modified

2024-07-11T15:06:15.210

3 months ago