WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
2018-04-27T16:29:00.427
2024-11-21T02:00:29.137
Modified
CVSSv3.0: 7.4 (HIGH)
AV:N/AC:M/Au:N/C:P/I:P/A:N
8.6
4.9