Vulnerability Description
The Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application 2.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icbc | Industrial And Commercial Bank Of China | 2.4 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/116977US Government Resource
- http://www.kb.cert.org/vuls/id/582497US Government Resource
- https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF
- http://www.kb.cert.org/vuls/id/116977US Government Resource
- http://www.kb.cert.org/vuls/id/582497US Government Resource
- https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF
FAQ
What is CVE-2014-7589?
CVE-2014-7589 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application 2.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac...
How severe is CVE-2014-7589?
CVE-2014-7589 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7589?
Check the references section above for vendor advisories and patch information. Affected products include: Icbc Industrial And Commercial Bank Of China.