CVE-2024-27440

low-risk

Published 2024-03-13

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.

Do I need to act?

-

0.11% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.8/10 Medium

NETWORK / HIGH complexity

References (6)

https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%...

https://jvn.jp/en/jp/JVN52919306/

https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid

https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%...

https://jvn.jp/en/jp/JVN52919306/

https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid

20

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal