CVE-2018-15898 Detail

Current Description

The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data.




CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 5.9 MEDIUM
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0 Severity and Metrics:

NIST: NVD
Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Weakness Enumeration

CWE-ID: CWE-295
CWE Name: Improper Certificate Validation
Source: NIST


Change History

Initial Analysis 11/30/2018 4:5:44 PM

Added CPE Configuration:
  New Value: OR *cpe:2.3:a:subsonic:music_streamer:4.4:*:*:*:*:android:*:*

Added CVSS V2:
  New Value: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Added CVSS V3:
  New Value: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Added CWE:
  New Value: CWE-295

Changed Reference Type:
  Old Value: http://packetstormsecurity.com/files/149267/Subsonic-Music-Streamer-4.4-For-Android-Improper-Certificate-Validation.html No Types Assigned
  New Value: http://packetstormsecurity.com/files/149267/Subsonic-Music-Streamer-4.4-For-Android-Improper-Certificate-Validation.html Third Party Advisory, VDB Entry

Changed Reference Type:
  Old Value: http://seclists.org/fulldisclosure/2018/Sep/6 No Types Assigned
  New Value: http://seclists.org/fulldisclosure/2018/Sep/6 Mailing List, Third Party Advisory



Quick Info

CVE Dictionary Entry: CVE-2018-15898
NVD Published Date: 09/11/2018
NVD Last Modified: 11/30/2018
Source: MITRE

