CVE-2023-29501

low-risk
Published 2023-06-13

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10 Medium
NETWORK / HIGH complexity

Affected Products (2)

Jiyu Kukan Toku-Toku Coupon
Jiyu Kukan Toku-Toku Coupon

Affected Vendors

Runsystem

References (8)

Product https://apps.apple.com/jp/app/%E8%87%AA%E9%81%8A%E7%A9%BA%E9%96%93%E3%81%A8%E3%8...
Third Party Advisory https://jvn.jp/en/jp/JVN33836375/
Product https://play.google.com/store/apps/details?id=jp.runsystem
Vendor Advisory https://www.runsystem.co.jp/g1-pr/17570
Product https://apps.apple.com/jp/app/%E8%87%AA%E9%81%8A%E7%A9%BA%E9%96%93%E3%81%A8%E3%8...
Third Party Advisory https://jvn.jp/en/jp/JVN33836375/
Product https://play.google.com/store/apps/details?id=jp.runsystem
Vendor Advisory https://www.runsystem.co.jp/g1-pr/17570
23
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low