JVNDB-2020-000006

Multiple Fuji Xerox mobile applications fails to verify SSL server certificates

Multiple Fuji Xerox mobile applications fail to verify SSL server certificates (CWE-295).

Hirotaka Niisato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)

• netprint App for iOS 3.2.3 and earlier - CVE-2020-5520
• Easy netprint App for iOS 2.0.2 and earlier - CVE-2020-5521
• Easy netprint App for Android 2.0.3 and earlier - CVE-2020-5522

According to the developer, netprint App for Android is not affected by this vulnerability.

A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

[Update the Software]
Update to the latest version according to the information provided by the developer.

FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)

• Fuji Xerox : Fuji Xerox Co.,Ltd. website (in Japanese)

1. No Mapping(CWE-Other) [IPA Evaluation]

1. CVE-2020-5520
2. CVE-2020-5521
3. CVE-2020-5522

1. JVN : JVN#66435380
2. National Vulnerability Database (NVD) : CVE-2020-5520
3. National Vulnerability Database (NVD) : CVE-2020-5521
4. National Vulnerability Database (NVD) : CVE-2020-5522

• [2020/01/21]
    Web page was published