JVNDB-2014-000109

Bump for Android vulnerable in handling of implicit intents

Overview

Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents.

Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products

Bump Technologies, Inc.
  • Bump for Android

Impact

Information such as the owner's name that was obtained from another device may be disclosed.

Solution

[Do not use Bump for Android]
According to the developer, Bump is no longer being developed or maintained, so it is recommended to stop using the product.

Vendor Information

Bump Technologies, Inc.

CWE

  1. No Mapping (CWE-DesignError) [IPA Evaluation]

CVE

  1. CVE-2014-5320

References

  1. JVN : JVN#08994136
  2. National Vulnerability Database (NVD) : CVE-2014-5320

Revision History

  • [2014/09/19] Web page was published
  • [2014/09/25] References : Content was added