Vulnerability Details : CVE-2014-1977
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application.
Products affected by CVE-2014-1977
- cpe:2.3:a:nttdocomo:spmode_mail_android:*:*:*:*:*:android:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:*:*:*:*:*:android:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:5000:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:4900:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:4000:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:5200:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:5100:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:4300:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:4200:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:2631:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:2546:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:3400:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:5300:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:4500:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:4400:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:3100:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:3000:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:4800:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:4700:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:4600:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:3300:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:3200:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:5550:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:5500:*:*:*:*:*:*:*
- cpe:2.3:a:nttdocomo:spmode_mail_android:5400:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1977
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1977
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-1977
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1977
-
http://jvn.jp/en/jp/JVN81739241/index.html
JVN#81739241: sp mode mail issue when accessing attachments in incoming mail
-
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027
JVNDB-2014-000027 - JVN iPedia - 脆弱性対策情報データベース
Jump to