← Voltar para CVEs
CVE-2021-32755
MEDIUM5.4
Descricao
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.
Detalhes CVE
Pontuacao CVSS v3.15.4
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado7/13/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
apple:iphone_oswire:wire
Fraquezas (CWE)
CWE-295CWE-295
Referencias
https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v(security-advisories@github.com)
https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.