CVE-2007-3754

CWE-287Improper Authentication3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.7%
top 27.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple IphoneApple Iphone OS
Timeline
PublishedSep 27
Latest updateMay 1

Description

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDapple/iphone1.0
NVDapple/iphone_os1.0.1, 1.0.2+1

Patches

Patch: lists.apple.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-2qgf-99w3-fmrx: Mail in Apple iPhone 12022-05-01
CVEList
CVE-2007-3754: Mail in Apple iPhone 12007-09-27
CVE-2007-3754 (MEDIUM CVSS 4.3) | Mail in Apple iPhone 1.1.1 | cvebase.io