CVE-2017-9245

Published: Jul 19, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.

Affected (1)

Products: Google: News And Weather

Google

1 product

News And Weather

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google News And Weather	Before 3.3.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://seclists.org/fulldisclosure/2017/Jul/36

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/bid/99892

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://wwws.nightwatchcybersecurity.com/2017/07/18/advisory-googles-android-news-and-weather-app-doesnt-always-use-ssl-cve-2017-9245/

Source: cve@mitre.org

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2017/Jul/36

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/bid/99892

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://wwws.nightwatchcybersecurity.com/2017/07/18/advisory-googles-android-news-and-weather-app-doesnt-always-use-ssl-cve-2017-9245/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.