Lucene search
HistoryAug 14, 2014 - 5:01 a.m.
CVE-2014-5239
microsoft
outlook.com
android
man-in-the-middle
ssl
certificate
security
vulnerability
cve-2014-5239
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
5.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.7%
The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Affected configurations
Node
microsoftoutlook.comRange≤7.8.2.12.49.6434android
ORmicrosoftoutlook.comMatch7.8.2.10.47.7365android
ORmicrosoftoutlook.comMatch7.8.2.11.48.4848android
ORmicrosoftoutlook.comMatch7.8.2.12.49.0430android
ORmicrosoftoutlook.comMatch7.8.2.12.49.5701android
Related
jvn
jvn
cvelist
cvelist
CVE-2014-5239
2014-08-14 01:00:00
securityvulns
securityvulns
Outlook.com for Android insufficient certificate validation
2014-08-18 00:00:00
Outlook.com for Android fails to validate server certificates
2014-08-18 00:00:00
nvd
nvd
CVE-2014-5239
2014-08-14 05:01:50
prion
prion
Design/Logic Flaw
2014-08-14 05:01:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
5.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.7%
Related for CVE-2014-5239