LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle)...
5.9CVSS
6.4AI Score
0.0005EPSS
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle)...
5.9CVSS
6.7AI Score
0.0005EPSS
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to...
9.8CVSS
7AI Score
0.001EPSS
LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group...
7.5CVSS
7.2AI Score
0.001EPSS
LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this...
7.5CVSS
7.2AI Score
0.002EPSS
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address...
5.3CVSS
5AI Score
0.001EPSS
LINE client for iOS before 10.16.3 allows cross site script with specific header in...
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest within the...
7CVSS
6.7AI Score
0.001EPSS
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used.....
6.3CVSS
6.3AI Score
0.001EPSS
LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
5.9CVSS
5.2AI Score
0.001EPSS