Aggregates CVE and security vulnerability intelligence across all sbi-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling, with potential vendor impact file overwrite across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-17404 | The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth. | [email protected] | 5.3 | 0.33% | 2018-09-23 | 2024-11-21 |
| CVE-2018-17108 | The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application. | [email protected] | 8.8 | 0.35% | 2018-09-16 | 2024-11-21 |
| CVE-2014-5954 | The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | [email protected] | 5.4 | 0.10% | 2014-09-18 | 2026-05-06 |