NTT DOCOMO sp mode mail Android Improper Access Control (CVE-2014-1977)

Vulnerability Key Information Vulnerability Identifier CVE: CVE-2014-1977 Vulnerability Description The sp mode mail application by NTT DOCOMO contains a function that allows other Android applications to access attachments of incoming emails. This functionality has an issue with improper access control. CVSS Severity CVSS v2 Severity: 2.6 (Low) Base Metrics: - Attack Vector: Network - Attack Complexity: High - Authentication: None - Confidentiality Impact: Partial - Integrity Impact: None - Availability Impact: None Affected Products NTT DOCOMO, INC. - sp mode mail rev.6300 and earlier versions, for Android 4.0.X and earlier - sp mode mail rev.6700 and earlier versions, for Android 4.1 and later Impact If a malicious Android application is installed on the device, it may be able to access attachments of incoming emails. Solution The developer will not provide updates to fix this issue. Usage Considerations According to the developer, a warning regarding this issue is included in the user agreement displayed at the first launch of the application. Vendor Information NTT DOCOMO, INC. - Reference: Improper Access Control CWE CWE-264: Permissions References JVN: JVN#81739241 National Vulnerability Database (NVD): CVE-2014-1977 Revision History 2014/03/18: Webpage published 2014/03/24: Content added

Goal Reached Thanks to every supporter — we hit 100%!

NTT DOCOMO sp mode mail Android Improper Access Control (CVE-2014-1977)