CyberSec.Space Logo
Back to CVE Browser

CVE-2014-5854

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile23.44th
PublishedSep 9, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected Platforms (CPE)

πŸ“¦
Clearhub

Windows Live Hotmail Push Mail

= 1.00.97

References & Advisories

πŸ”— http://www.kb.cert.org/vuls/id/525825
πŸ”— http://www.kb.cert.org/vuls/id/582497
πŸ”— https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
πŸ”— http://www.kb.cert.org/vuls/id/525825
πŸ”— http://www.kb.cert.org/vuls/id/582497
πŸ”— https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing

Related Vulnerabilities

CVE-2014-054410.0

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR be...

CVE-2014-054510.0

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR be...

CVE-2014-049810.0

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Ma...

CVE-2014-937110.0

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a craf...