MidnightBSD

Advisories for labanquepostale

CVE-2014-5076 MEDIUM

The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
labanquepostale labanquepostale *
CVE-2014-5839 MEDIUM

The Acces Compte (aka com.fullsix.android.labanquepostale.accountaccess) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
labanquepostale acces_compte 3.2.6