CVE-2018-7295
Last modified
CVE-2018-7295 is a vulnerability of currently unknown severity. ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.
Description
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Square-Enix | Final Fantasy Xiv | 4.21 |
| Square-Enix | Final Fantasy Xiv | 4.25 |
References
- https://raw.githubusercontent.com/WizardShotTheFood/advisories/master/CVE-2018-7295.txtExploit, Third Party Advisory
- https://raw.githubusercontent.com/WizardShotTheFood/advisories/master/CVE-2018-7295.txtExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-7295?
How severe is CVE-2018-7295?
How do I fix CVE-2018-7295?
Are you affected by CVE-2018-7295?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST