CVE-2015-2968

Summary

LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.

Affected Software

VendorProductVersion RangeStatus
LINE CorporationLINE@ for Androidversion 1.0.0affected
LINE CorporationLINE@ for iOSversion 1.0.0affected

Weaknesses

  • Script injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References