CNNVD-202601-4793 Information
Jan 28, 2026
cve
CNNVD ID
CNNVD-202601-4793
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Funambol是美国Funambol公司的一个数据同步框架。 Funambol v30.0.0.20版本存在安全漏洞,该漏洞源于缩略图显示URL允许攻击者解密和加密应用程序用于生成自签名访问URL的参数,可能导致Padding Oracle攻击。
Description (English)
Funambol is a data synchronization framework for the United States company Funambol. The Funambol v30.0.0.20 version contains a security loophole, derived from thumbnails showing that the URL allows the attacker to decrypt and encrypt applications to generate parameters for a self-signed access to URL, which could lead to a Padding Oracle attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Funambol
Published
2026-01-28
Last Modified
2026-02-24
References
https://www.incibe.es/en/incibe-cert/notices/aviso/weak-encryption-funambols-cloud-server
Patch
https://www.funambol.com/index.html
Share on: