Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by SODA

    JVNDB-2021-000085

    Vulnerability from jvndb - Published: 2021-09-28 15:18 - Updated:2021-09-28 15:18
    Severity
    4.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
    Summary
    SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification
    Details
    SNKRDUNK Market Place App for iOS provided SODA, Inc. is vulnerable to improper server certificate verification (CWE-295). Okazawa Yoshihiro of Cryptography Laboratory , Information and Communication Engineering ,Graduate School of Engineering , Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    References
    Impacted products
    Show details on JVN DB website
    To clipboard 

    {
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000085.html",
  "dc:date": "2021-09-28T15:18+09:00",
  "dcterms:issued": "2021-09-28T15:18+09:00",
  "dcterms:modified": "2021-09-28T15:18+09:00",
  "description": "SNKRDUNK Market Place App for iOS provided SODA, Inc. is vulnerable to improper server certificate verification (CWE-295).\r\n\r\nOkazawa Yoshihiro of Cryptography Laboratory , Information and Communication Engineering ,Graduate School of Engineering , Tokyo Denki University reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000085.html",
  "sec:cpe": {
    "#text": "cpe:/a:soda-inc:snkrdunk",
    "@product": "SNKRDUNK Market Place App",
    "@vendor": "SODA",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000085",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN10168753/index.html",
      "@id": "JVN#10168753",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20833",
      "@id": "CVE-2021-20833",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20833",
      "@id": "CVE-2021-20833",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification"
}