CVE-2014-4904

2014-10-21 12:55:04 2014-11-14 15:15:44

The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Vector

ADJACENT_NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Crossmo Crossmo calendar 1.7.1 ~~~android~~ (not an official CPE)

Crossmo - Crossmo calendar

Advisory	Patch	Confirmed	Link
			VU#582497
			https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALV...

CVE-2014-4904

2014-10-21 12:55:04 2014-11-14 15:15:44

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Cryptographic Issues (ID 310)