Vulnerabilities > CVE-2015-0897 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Line

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

line

CWE-924

NVD

Published: 2023-10-31

Updated: 2023-11-08

Summary

LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.

Vulnerable Configurations

Part	Description	Count
Application	Line Line Line *	2

Common Weakness Enumeration (CWE)

CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

References

http://official-blog.line.me/ja/archives/24809761.html
https://jvn.jp/en/jp/JVN41281927/