CVE-2016-3664

Published: May 23, 2016Modified: May 6, 2026

7.4

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate.

Affected (1)

Products: Trend Micro: Mobile Security

1 product

Mobile Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trend Micro Mobile Security	Up to 3.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html

Source: cve@mitre.org

http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html

Source: cve@mitre.org

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.