CVE-2014-6881

The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application 2.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.