Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1976

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2014-1976
Last Modified 18 Mar 2014 12:05:27
Published 18 Mar 2014 01:18:18
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1976

Summary

The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Vulnerable Systems

Application

  • Yumenomachi Demaecan 2.0.0

  • Yumenomachi Demaecan 2.1.0


References

MISC - https://play.google.com/store/apps/details?id=com.demaecan.androidapp

JVNDB - JVNDB-2014-000030

JVN - JVN#16263849


Last Updated: 27 May 2016 11:04:42