XLM-2024-6484 | Cyber Solutions By Thales

Abstract Advisory Information

The application did not implement certificate pinning.

Author: Valentin Giannini

Version affected

Name: Microsoft Teams

Versions: iOS: 5.18.1

Common Vulnerability Scoring System

6.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Patches

None

References

None

Vulnerability Disclosure Timeline

17/10/2023: Vulnerability discovery
03/11/2023: Vulnerability Report to CERT-XLM
03/11/2023: Vulnerability Report to Vendor through Researcher Portal
14/11/2023: Status request to Vendor
21/11/2023: Additional status request
12/12/2023: Additional status request
21/11/2023: Additional status request
28/11/2023: Additional status request
28/11/2023: Ticket closed by vendor. Severity not high enough, the CVE will not be released.
20/02/2024: Expected vulnerability disclosure