Bump for Android vulnerable in handling of implicit intents


Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents.

Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products

Bump Technologies, Inc.
  • Bump for Android


Information such as the owner's name that was obtained from another device may be disclosed.

[Do not use Bump for Android]
According to the developer, Bump is no longer being developed or maintained, thus it is recommended to stop using the product.
Vendor Information

Bump Technologies, Inc.
CWE (What is CWE?)

  1. No Mapping(CWE-DesignError) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-5320

  1. JVN : JVN#08994136
  2. National Vulnerability Database (NVD) : CVE-2014-5320
Revision History

  • [2014/09/19]
      Web page was published
      References : Content was added