CVE-2014-1910 — Citrix Sharefile Mobile vulnerability

CWE-3104 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 58.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Sharefile Mobile Citrix Sharefile Mobile FOR Tablets Citrix Sharefile +2 more

Timeline

PublishedFeb 21

Latest updateMay 17

Description

Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages4 packages

▶NVDcitrix/sharefile_mobile2.4

▶citrixcitrix/sharefile

▶citrixcitrix/citrix_sharefile

▶citrixcitrix/xenserver

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-39vw-wfh4-78f7: Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2014-1910: Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-i↗2014-02-21

▶

Citrix

CVE-2014-1910 - SSL Certificate Validation Vulnerability in the Citrix ShareFile Mobile Application for Android and the Citrix ShareFile Mobile for Tablets Application for Android↗

▶