← Zuruck zu CVEs
CVE-2021-32755
MEDIUM5.4
Beschreibung
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.
CVE Details
CVSS v3.1 Bewertung5.4
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht7/13/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
apple:iphone_oswire:wire
Schwachen (CWE)
CWE-295CWE-295
Referenzen
https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v(security-advisories@github.com)
https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.