Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.6294 CVE-2014-1910 - SSL Certificate Validation Vulnerability in the Citrix ShareFile Mobile Application for Android and the Citrix ShareFile Mobile for Tablets Application for Android 2 December 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ShareFile Mobile Application Publisher: Citrix Operating System: Android Resolution: Patch/Upgrade CVE Names: CVE-2014-1910 Original Bulletin: https://support.citrix.com/article/CTX140303/cve20141910-ssl-certificate-validation-vulnerability-in-the-citrix-sharefile-mobile-application-for-android-and-the-citrix-sharefile-mobile-for-tablets-application-for-android Comment: CVSS (Max): None available when published - --------------------------BEGIN INCLUDED TEXT-------------------- CVE-2014-1910 - SSL Certificate Validation Vulnerability in the Citrix ShareFile Mobile Application for Android and the Citrix ShareFile Mobile for Tablets Application for Android Reference: CTX140303 Category : Medium Created : 18 February 2014 Modified : 15 August 2019 Description of Problem A vulnerability has been identified in the Citrix ShareFile Mobile application for Android and the Citrix ShareFile Mobile for Tablets application for Android that could result in SSL certificates being incorrectly validated. This vulnerability has been assigned the following CVE number: o CVE-2014-1910: SSL Certificate Validation Vulnerability in the Citrix ShareFile Mobile Application for Android and the Citrix ShareFile Mobile for Tablets Application for Android. This vulnerability affects all versions of the Citrix ShareFile Mobile application for Android and the Citrix ShareFile Mobile for Tablets application for Android earlier than version 2.4.4. What Customers Should Do New versions of the Citrix ShareFile Mobile application for Android and the Citrix ShareFile Mobile for Tablets application for Android have been released. Citrix recommends that customers upgrade their ShareFile Mobile and ShareFile Mobile for Tablets to version 2.4.4 or later. These versions are available from the Google Play store at the following locations: ShareFile Mobile: https://play.google.com/store/apps/detailsid= com.sharefile.mobile ShareFile Mobile for Tablets: https://play.google.com/store/apps/detailsid= com.sharefile.mobile.tablet Acknowledgements Citrix thanks Alexandru Gherman of FortConsult ( http://fortconsult.net/ ) for working with us to protect Citrix customers. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBY4mKwckNZI30y1K9AQigAw/9FO8G+ftR9s+dIN5+P9RRWVYJ5Tx1gD2K LzyKs0P/iocqgFghn6XH/Z4JV/fvr5zSUEHAHKDpdi8q3NnASfj9w5XnZJm2Knfo EC6m2akAhoaeqCHPOiA3DjTI4NsYBqDSOwTCt23ubZFgOaEPo661997i6V5Zgia0 8zUJGNzE5pOI2UZlIVVFP8T5qnFKcpoA/OjcBcqypOkfD14Ko+gKNZ5wGaK2aXx2 3h+NOPrAub7NPNdBvWQO5l3E3ep71LtHsPHYzRaEUk5bF8QRIgtDvZuu+1Fi1Gmb I4sY8SXRMiqaouH4pZHk9OowGVTVXNPZDFKB5D5tBQf0HilmPeODKNdNWmc/wbQm 1XVkzgy7Og7ClS8ACQUGoqQ+z/93pdGoZmPXeZrzvKTXRt+/OWKJN6Jm2aE1S+OG dADa6l/8V1HUEMoEkXCVOQf3nfcYxequCaRDJdehrWnQpbmU7NsmPlymebbfsTR4 Pd2MK1IY+OwFH9u9r3aMv5F+rW8zsujyNhU1MTkm/YFlO6Y3UuLGwSHw5+KcVLDF BfgNKFfXHJ1kLC8hsNQ0ZvWePN06HdBi8N2IyOxKUZO8x9q4VzymjDzObKEvjYue ECr3Cttz2r4CGjHtkPsTkRXgNCwTYBuDpgoYe7A5ZaQzQH809Wr8Mu0jQCNL68RY av7Ni6l330I= =IwHC -----END PGP SIGNATURE-----