Bump for Android vulnerable in handling of implicit intents


Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents.

Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products

Bump Technologies, Inc.
  • Bump for Android


Information such as the owner's name that was obtained from another device may be disclosed.

[Do not use Bump for Android]
According to the developer, Bump is no longer being developed or maintained, thus it is recommended to stop using the product.
Vendor Information

Bump Technologies, Inc.
CWE (What is CWE?)

  1. No Mapping(CWE-DesignError) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-5320

  1. JVN : JVN#08994136
  2. National Vulnerability Database (NVD) : CVE-2014-5320
Revision History

  Web page was published
  References : Content was added