Description
Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57020
Patch, Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX140303
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029791
Scores
EPSS
0.0020
EPSS Percentile
41.7%
Details
CWE
CWE-310
Status
published
Products (2)
citrix/sharefile_mobile
< 2.4
citrix/sharefile_mobile_for_tablets
< 2.4
Published
Feb 21, 2014
Tracked Since
Feb 18, 2026