High severity7.5NVD Advisory· Published Dec 16, 2017· Updated May 13, 2026

CVE-2017-3190

Description

Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

Affected products

Axs/Flash Seats2 versions
cpe:2.3:a:axs:flash_seats:*:*:*:*:*:iphone_os:*:*+ 1 more
- cpe:2.3:a:axs:flash_seats:*:*:*:*:*:iphone_os:*:*range: <=1.9.51
- cpe:2.3:a:axs:flash_seats:*:*:*:*:*:android:*:*range: <=1.7.9
Flash Seats/Flash Seats Mobile Appv5
Range: Android version 1.7.9 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/96719nvdThird Party AdvisoryVDB Entry
www.kb.cert.org/vuls/id/247016nvdThird Party AdvisoryUS Government Resource
www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-validate-ssl-certificates.392553/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000