CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-3750

The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.0%

CVSS Severity

CVSS v2 Score 5.8

References

http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks
http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks

Products affected by CVE-2014-3750

Bilyoner » Bilyoner » Version: 2.1.1

cpe:2.3:a:bilyoner:bilyoner:2.1.1
Bilyoner » Bilyoner » Version: 4.6

cpe:2.3:a:bilyoner:bilyoner:4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3750

Products

Pricing

Contact Us