Security

Critical

High

Medium

Low

Identifier

CVE-2014-0806

Reporter

jpcert

State

PUBLISHED

Published

2014-01-22 21:00:00 UTC

Got Fix

CWE

Affected Count

Last Updated

2024-08-06 09:27:20 UTC

Description

The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls.

CVSS Metrics

CVSS

AV - Attack Vector N/A
AC - Attack Complexity N/A
PR - Privileges Required N/A
UI - User Interaction N/A

AI - Availability Impact N/A
CI - Confidentiality N/A
II - Integrity Impact N/A

SC - Scope N/A
V - Version N/A

References

1 http://jvn.jp/en/jp/JVN81637882/index.html 2 http://jvndb.jvn.jp/jvndb/JVNDB-2014-000007

Affected Products

Weakness Enumeration

TYPE	Description
text	n/a

Identifier

Reporter

State

Published

Got Fix

CWE

Affected Count

Last Updated

Repository:

Vendor:

Identifier

Reporter

State

Published

Got Fix

CWE

Affected Count

Last Updated

n/a

Repository:

Vendor: