Vulnerability Description
Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Digital Editions | 4.0 |
Related Weaknesses (CWE)
References
- http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-
- http://secunia.com/advisories/61551
- http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebooVendor Advisory
- http://twitter.com/AdobeSecurity/statuses/519826275008282624
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97696
- http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-
- http://secunia.com/advisories/61551
- http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebooVendor Advisory
- http://twitter.com/AdobeSecurity/statuses/519826275008282624
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97696
FAQ
What is CVE-2014-8068?
CVE-2014-8068 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstra...
How severe is CVE-2014-8068?
CVE-2014-8068 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8068?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Digital Editions.