Search

Find a vulnerability

Search criteria

    4 vulnerabilities by ALL NIPPON AIRWAYS CO., LTD

    CVE-2018-0611 (GCVE-0-2018-0611)

    Vulnerability from nvd – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • Fails to verify SSL certificates
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN71535108/index.html third-party-advisoryx_refsource_JVN
    https://www.ana.co.jp/ja/jp/share/mobile/smartpho… x_refsource_MISC
    Impacted products
    Vendor Product Version
    ALL NIPPON AIRWAYS CO., LTD ANA App for iOS Affected: version 4.0.22 and earlier
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.162Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#71535108",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN71535108/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ANA App for iOS",
              "vendor": "ALL NIPPON AIRWAYS CO., LTD",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 4.0.22 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to verify SSL certificates",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#71535108",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN71535108/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0611",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ANA App for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 4.0.22 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ALL NIPPON AIRWAYS CO., LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to verify SSL certificates"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#71535108",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN71535108/index.html"
                },
                {
                  "name": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title",
                  "refsource": "MISC",
                  "url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0611",
        "datePublished": "2018-06-26T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0611 (GCVE-0-2018-0611)

    Vulnerability from cvelistv5 – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • Fails to verify SSL certificates
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN71535108/index.html third-party-advisoryx_refsource_JVN
    https://www.ana.co.jp/ja/jp/share/mobile/smartpho… x_refsource_MISC
    Impacted products
    Vendor Product Version
    ALL NIPPON AIRWAYS CO., LTD ANA App for iOS Affected: version 4.0.22 and earlier
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.162Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#71535108",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN71535108/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ANA App for iOS",
              "vendor": "ALL NIPPON AIRWAYS CO., LTD",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 4.0.22 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to verify SSL certificates",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-26T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#71535108",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN71535108/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0611",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ANA App for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 4.0.22 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ALL NIPPON AIRWAYS CO., LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to verify SSL certificates"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#71535108",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN71535108/index.html"
                },
                {
                  "name": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title",
                  "refsource": "MISC",
                  "url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0611",
        "datePublished": "2018-06-26T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2018-000065

    Vulnerability from jvndb - Published: 2018-06-15 14:40 - Updated:2019-12-27 18:08
    Severity
    Summary
    ANA App for iOS fails to verify SSL server certificates
    Details
    ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates (CWE-295). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000065.html",
      "dc:date": "2019-12-27T18:08+09:00",
      "dcterms:issued": "2018-06-15T14:40+09:00",
      "dcterms:modified": "2019-12-27T18:08+09:00",
      "description": "ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates (CWE-295).\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000065.html",
      "sec:cpe": {
        "#text": "cpe:/a:ana:all_nippon_airways",
        "@product": "ANA",
        "@vendor": "ALL NIPPON AIRWAYS CO., LTD",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000065",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN71535108/index.html",
          "@id": "JVN#71535108",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0611",
          "@id": "CVE-2018-0611",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0611",
          "@id": "CVE-2018-0611",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "ANA App for iOS fails to verify SSL server certificates"
    }

    JVNDB-2015-000164

    Vulnerability from jvndb - Published: 2015-10-28 14:50 - Updated:2018-03-07 13:50
    Severity
    N/A (UNKNOWN) - -
    Summary
    ANA App fails to verify SSL server certificates
    Details
    ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000164.html",
      "dc:date": "2018-03-07T13:50+09:00",
      "dcterms:issued": "2015-10-28T14:50+09:00",
      "dcterms:modified": "2018-03-07T13:50+09:00",
      "description": "ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates.\r\n\r\nAOKI Keiichi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000164.html",
      "sec:cpe": {
        "#text": "cpe:/a:ana:all_nippon_airways",
        "@product": "ANA",
        "@vendor": "ALL NIPPON AIRWAYS CO., LTD",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000164",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN25086409/index.html",
          "@id": "JVN#25086409",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5666",
          "@id": "CVE-2015-5666",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2015-5666",
          "@id": "CVE-2015-5666",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "ANA App fails to verify SSL server certificates"
    }