CVE-2013-7201
First published: Fri Apr 27 2018(Updated: )
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paypal Paypal | <=5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-7201?
The severity of CVE-2013-7201 is high (7.4).
What is CVE-2013-7201?
CVE-2013-7201 is a vulnerability in WebHybridClient.java in PayPal 5.3 and earlier for Android that allows man-in-the-middle attackers to spoof servers and obtain sensitive information by ignoring SSL errors.
How can this vulnerability be exploited?
This vulnerability can be exploited by a man-in-the-middle attacker who can intercept communications between the PayPal app and the server, allowing them to spoof servers and obtain sensitive information.
What is the affected software of CVE-2013-7201?
The affected software of CVE-2013-7201 is PayPal 5.3 and earlier for Android.
How do I fix CVE-2013-7201?
To fix CVE-2013-7201, update your PayPal app to a version that includes a fix for the SSL error handling.
- collector/nvd-index
- vendor/paypal
- product/paypal
- canonical/paypal paypal