CyberSec.Space Logo
返回 CVE 浏览器

CVE-2014-5680

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile10.14th
Published2014年9月9日
Last Modified2026年5月6日

Vulnerability Description

The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected Platforms (CPE)

📦
Tapatalk

Tapatalk

= 4.8.0

References & Advisories

🔗 http://www.kb.cert.org/vuls/id/582497
🔗 http://www.kb.cert.org/vuls/id/650961
🔗 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
🔗 http://www.kb.cert.org/vuls/id/582497
🔗 http://www.kb.cert.org/vuls/id/650961
🔗 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing

相关漏洞威胁

CVE-2017-146529.8

SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated...

CVE-2014-20239.8

Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote a...

CVE-2014-88705.8

Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab...

CVE-2014-66495.4

The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application 3.9.22 for Android does not verify X.509 certificates fr...