Remote Information Disclosure Vulnerability in Dropbox SDK for Android
CVE-2014-8889

5.3MEDIUM

Key Information:

Vendor

Dropbox

Status
Dropbox Sdk
Vendor
CVE Published:
26 September 2017

What is CVE-2014-8889?

The Dropbox SDK for Android prior to version 1.6.2 is susceptible to a vulnerability that could allow remote attackers to gain access to sensitive user information. This vulnerability can be exploited through malware or a drive-by download attack, potentially compromising user data and privacy. It is essential for developers and users of the SDK to update to the latest version to mitigate this risk and ensure secure integration with Android applications.

References

http://www.securityfocus.com/bid/73035
vdb-entryx_refsource_BID
http://www.securityfocus.com/archive/1/534843/100/1500/th...
mailing-listx_refsource_BUGTRAQ
https://securityintelligence.com/droppedin-remotely-explo...
x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.