Man-in-the-Middle Vulnerability in Citrix ShareFile Mobile for Android
CVE-2014-1910

Currently unrated

Key Information:

Vendor: Citrix
Status: Sharefile Mobile For Tablets; Sharefile Mobile
Vendor: CVE Published:; 21 February 2014

What is CVE-2014-1910?

The Citrix ShareFile Mobile application for Android devices prior to version 2.4.4 lacks proper verification of X.509 certificates from SSL servers. This vulnerability permits attackers to execute man-in-the-middle attacks, enabling them to spoof legitimate servers. Consequently, these attackers can intercept and manipulate sensitive information transmitted between the application and affected servers, thus compromising data integrity and confidentiality.

References

http://secunia.com/advisories/57020

third-party-advisoryx_refsource_SECUNIA

http://support.citrix.com/article/CTX140303

x_refsource_CONFIRM

http://www.securitytracker.com/id/1029791

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2014
Vulnerability Reserved
Feb 7, 2014