Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.6294
CVE-2014-1910 - SSL Certificate Validation Vulnerability in the Citrix
ShareFile Mobile Application for Android and the Citrix
ShareFile Mobile for Tablets Application for Android
2 December 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ShareFile Mobile Application
Publisher: Citrix
Operating System: Android
Resolution: Patch/Upgrade
CVE Names: CVE-2014-1910
Original Bulletin:
https://support.citrix.com/article/CTX140303/cve20141910-ssl-certificate-validation-vulnerability-in-the-citrix-sharefile-mobile-application-for-android-and-the-citrix-sharefile-mobile-for-tablets-application-for-android
Comment: CVSS (Max): None available when published
- --------------------------BEGIN INCLUDED TEXT--------------------
CVE-2014-1910 - SSL Certificate Validation Vulnerability in the Citrix ShareFile Mobile Application for Android and the Citrix ShareFile Mobile for Tablets Application for Android
Reference: CTX140303
Category : Medium
Created : 18 February 2014
Modified : 15 August 2019
Description of Problem
A vulnerability has been identified in the Citrix ShareFile Mobile application
for Android and the Citrix ShareFile Mobile for Tablets application for Android
that could result in SSL certificates being incorrectly validated.
This vulnerability has been assigned the following CVE number:
o CVE-2014-1910: SSL Certificate Validation Vulnerability in the Citrix
ShareFile Mobile Application for Android and the Citrix ShareFile Mobile
for Tablets Application for Android.
This vulnerability affects all versions of the Citrix ShareFile Mobile
application for Android and the Citrix ShareFile Mobile for Tablets application
for Android earlier than version 2.4.4.
What Customers Should Do
New versions of the Citrix ShareFile Mobile application for Android and the
Citrix ShareFile Mobile for Tablets application for Android have been released.
Citrix recommends that customers upgrade their ShareFile Mobile and ShareFile
Mobile for Tablets to version 2.4.4 or later.
These versions are available from the Google Play store at the following
locations:
ShareFile Mobile: https://play.google.com/store/apps/detailsid=
com.sharefile.mobile
ShareFile Mobile for Tablets: https://play.google.com/store/apps/detailsid=
com.sharefile.mobile.tablet
Acknowledgements
Citrix thanks Alexandru Gherman of FortConsult ( http://fortconsult.net/ ) for
working with us to protect Citrix customers.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY4mKwckNZI30y1K9AQigAw/9FO8G+ftR9s+dIN5+P9RRWVYJ5Tx1gD2K
LzyKs0P/iocqgFghn6XH/Z4JV/fvr5zSUEHAHKDpdi8q3NnASfj9w5XnZJm2Knfo
EC6m2akAhoaeqCHPOiA3DjTI4NsYBqDSOwTCt23ubZFgOaEPo661997i6V5Zgia0
8zUJGNzE5pOI2UZlIVVFP8T5qnFKcpoA/OjcBcqypOkfD14Ko+gKNZ5wGaK2aXx2
3h+NOPrAub7NPNdBvWQO5l3E3ep71LtHsPHYzRaEUk5bF8QRIgtDvZuu+1Fi1Gmb
I4sY8SXRMiqaouH4pZHk9OowGVTVXNPZDFKB5D5tBQf0HilmPeODKNdNWmc/wbQm
1XVkzgy7Og7ClS8ACQUGoqQ+z/93pdGoZmPXeZrzvKTXRt+/OWKJN6Jm2aE1S+OG
dADa6l/8V1HUEMoEkXCVOQf3nfcYxequCaRDJdehrWnQpbmU7NsmPlymebbfsTR4
Pd2MK1IY+OwFH9u9r3aMv5F+rW8zsujyNhU1MTkm/YFlO6Y3UuLGwSHw5+KcVLDF
BfgNKFfXHJ1kLC8hsNQ0ZvWePN06HdBi8N2IyOxKUZO8x9q4VzymjDzObKEvjYue
ECr3Cttz2r4CGjHtkPsTkRXgNCwTYBuDpgoYe7A5ZaQzQH809Wr8Mu0jQCNL68RY
av7Ni6l330I=
=IwHC
-----END PGP SIGNATURE-----