CVE-2016-7812
low-risk
Published 2017-08-02
The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication.
Do I need to act?
-
0.42% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.1/10
Low
NETWORK
/ HIGH complexity
Affected Products (2)
Mitsubishi Ufj
Mitsubishi Ufj
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/94829
Third Party Advisory
https://jvn.jp/en/vu/JVNVU92900492/
Third Party Advisory
http://www.securityfocus.com/bid/94829
Third Party Advisory
https://jvn.jp/en/vu/JVNVU92900492/
20
/ 100
low-risk
Severity
11/34 · Low
Exploitability
2/34 · Minimal
Exposure
7/34 · Low