Search
Find a vulnerability
Search criteria
4 vulnerabilities by ALL NIPPON AIRWAYS CO., LTD
CVE-2018-0611 (GCVE-0-2018-0611)
Vulnerability from nvd – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
VLAI
Summary
The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN71535108/index.html | third-party-advisoryx_refsource_JVN |
| https://www.ana.co.jp/ja/jp/share/mobile/smartpho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ALL NIPPON AIRWAYS CO., LTD | ANA App for iOS |
Affected:
version 4.0.22 and earlier
|
Date Public
2018-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#71535108",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71535108/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ANA App for iOS",
"vendor": "ALL NIPPON AIRWAYS CO., LTD",
"versions": [
{
"status": "affected",
"version": "version 4.0.22 and earlier"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#71535108",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN71535108/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ANA App for iOS",
"version": {
"version_data": [
{
"version_value": "version 4.0.22 and earlier"
}
]
}
}
]
},
"vendor_name": "ALL NIPPON AIRWAYS CO., LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71535108",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71535108/index.html"
},
{
"name": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title",
"refsource": "MISC",
"url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0611",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0611 (GCVE-0-2018-0611)
Vulnerability from cvelistv5 – Published: 2018-06-26 14:00 – Updated: 2024-08-05 03:28
VLAI
Summary
The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN71535108/index.html | third-party-advisoryx_refsource_JVN |
| https://www.ana.co.jp/ja/jp/share/mobile/smartpho… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ALL NIPPON AIRWAYS CO., LTD | ANA App for iOS |
Affected:
version 4.0.22 and earlier
|
Date Public
2018-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#71535108",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71535108/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ANA App for iOS",
"vendor": "ALL NIPPON AIRWAYS CO., LTD",
"versions": [
{
"status": "affected",
"version": "version 4.0.22 and earlier"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#71535108",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN71535108/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ANA App for iOS",
"version": {
"version_data": [
{
"version_value": "version 4.0.22 and earlier"
}
]
}
}
]
},
"vendor_name": "ALL NIPPON AIRWAYS CO., LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71535108",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71535108/index.html"
},
{
"name": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title",
"refsource": "MISC",
"url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0611",
"datePublished": "2018-06-26T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2018-000065
Vulnerability from jvndb - Published: 2018-06-15 14:40 - Updated:2019-12-27 18:08
Severity
Summary
ANA App for iOS fails to verify SSL server certificates
Details
ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates (CWE-295).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000065.html",
"dc:date": "2019-12-27T18:08+09:00",
"dcterms:issued": "2018-06-15T14:40+09:00",
"dcterms:modified": "2019-12-27T18:08+09:00",
"description": "ANA App for iOS provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates (CWE-295).\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000065.html",
"sec:cpe": {
"#text": "cpe:/a:ana:all_nippon_airways",
"@product": "ANA",
"@vendor": "ALL NIPPON AIRWAYS CO., LTD",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000065",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN71535108/index.html",
"@id": "JVN#71535108",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0611",
"@id": "CVE-2018-0611",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0611",
"@id": "CVE-2018-0611",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "ANA App for iOS fails to verify SSL server certificates"
}
JVNDB-2015-000164
Vulnerability from jvndb - Published: 2015-10-28 14:50 - Updated:2018-03-07 13:50Summary
ANA App fails to verify SSL server certificates
Details
ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates.
AOKI Keiichi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000164.html",
"dc:date": "2018-03-07T13:50+09:00",
"dcterms:issued": "2015-10-28T14:50+09:00",
"dcterms:modified": "2018-03-07T13:50+09:00",
"description": "ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates.\r\n\r\nAOKI Keiichi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000164.html",
"sec:cpe": {
"#text": "cpe:/a:ana:all_nippon_airways",
"@product": "ANA",
"@vendor": "ALL NIPPON AIRWAYS CO., LTD",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000164",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN25086409/index.html",
"@id": "JVN#25086409",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5666",
"@id": "CVE-2015-5666",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2015-5666",
"@id": "CVE-2015-5666",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "ANA App fails to verify SSL server certificates"
}