Published: 24/09/2014 Updated: 05/10/2014
CVSS v2 Base Score: 5.4 | Impact Score: 6.4 | Exploitability Score: 5.5
VMScore: 481
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) application 4.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.

Affected Products

Vendor Product Versions
NbaNba Game Time 2013-20144.11