Vulnerability Details : CVE-2014-5883

The 7-ELEVEN (aka ecowork.seven) application 2.08.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published 2014-09-12 16:55:02

Updated 2014-09-22 17:34:29

Source CERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-5883

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 16 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-5883

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.4	MEDIUM	AV:A/AC:M/Au:N/C:P/I:P/A:P	5.5	6.4	[email protected]
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-5883

CWE-310

Assigned by: [email protected] (Primary)

References for CVE-2014-5883

http://www.kb.cert.org/vuls/id/582497

Third Party Advisory;US Government Resource

CVEs referencing this url
https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing

CVEs referencing this url

Products affected by CVE-2014-5883

7-eleven » 7-eleven » Version: 2.08.000 For Android
cpe:2.3:a:7-eleven:7-eleven:2.08.000:*:*:*:*:android:*:*
Matching versions