The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f
Source: Mitre, NVD
Published: 2017-05-15
Updated: 2023-11-07
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Severity: Medium
Base Score: 5.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N