CVE-2014-3902 in Amebainfo

Summary

The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

Reservation

05/27/2014

Disclosure

08/15/2014

Moderation

VulDB entry created

Entries

VDB-70632

CPE

ready

CWE

CWE-310 (Confirmed)

CVSS

6.5

EPSS

0.00157

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-3902
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3902
CVE Details	https://www.cvedetails.com/cve/CVE-2014-3902/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!