CVE-2014-7242
Severity CVSS v4.0:
Pending analysis
Type:
CWE-295
Improper Certificate Validation
Publication date:
18/10/2017
Last modified:
20/04/2025
Description
The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ms-ins:sumaho:*:*:*:*:*:android:*:* | 3.0.0 (including) | |
cpe:2.3:a:ms-ins:sumaho_driving_capability_diagnosis:*:*:*:*:*:android:*:* | 1.2.2 (including) |
To consult the complete list of CPE names with products and versions, see this page