Update java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql

atorralba · web-flow · commit 484a16ce1b2d · 2022-12-19T12:10:32.000+01:00
diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
@@ -3,7 +3,7 @@
  * @description Network connections that do not use certificate pinning may allow attackers to eavesdrop communications.
  * @kind problem
  * @problem.severity warning
- * @security-severity 7.5
+ * @security-severity 5.9
  * @precision medium
  * @id java/android/missing-certificate-pinning
  * @tags security
