JVN#66435380: Multiple Fuji Xerox mobile applications fails to verify SSL server certificates

2020-01-21T00:00:00
ID JVN:66435380
Type jvn
Reporter Japan Vulnerability Notes
Modified 2020-01-21T00:00:00

Description

## Description

Multiple Fuji Xerox mobile applications fail to verify SSL server certificates (CWE-295).

## Impact

A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • netprint App for iOS 3.2.3 and earlier - CVE-2020-5520
  • kantan netprint App for iOS 2.0.2 and earlier - CVE-2020-5521
  • kantan netprint App for Android 2.0.3 and earlier - CVE-2020-5522 According to the developer, netprint App for Android is not affected by this vulnerability.