CVE-2014-2000 : The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain

The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files.

Published 2014-06-18 16:55:07

Updated 2025-04-12 10:46:41

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2014-2000

NTT » 050 Plus » For Android
Versions up to, including, (<=) 4.2.0
cpe:2.3:a:ntt:050_plus:*:*:*:*:*:android:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-2000

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 50 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-2000

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.6	LOW	AV:N/AC:H/Au:N/C:P/I:N/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-2000

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-2000

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000049

JVNDB-2014-000049 - JVN iPedia - 脆弱性対策情報データベース
http://jvn.jp/en/jp/JVN07677464/995558/index.html

Japan Vulnerability Notes/Information from NTT Communications Corporation
http://jvn.jp/en/jp/JVN07677464/index.html

JVN#07677464: 050 plus for Android information management vulnerability

Jump to

Vulnerability Details : CVE-2014-2000

Products affected by CVE-2014-2000

Exploit prediction scoring system (EPSS) score for CVE-2014-2000

CVSS scores for CVE-2014-2000

CWE ids for CVE-2014-2000

References for CVE-2014-2000