CVE-2014-8889

Опубликовано: 26 сент. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 2.6

EPSS Низкий

Описание

Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.

Ссылки

http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Mar/61
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/534843/100/1500/threaded
http://www.securityfocus.com/bid/73035
Third Party Advisory
VDB Entry
https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/
Third Party Advisory
http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Mar/61
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/534843/100/1500/threaded
http://www.securityfocus.com/bid/73035
Third Party Advisory
VDB Entry
https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dropbox:dropbox_sdk:1.5.4:*:*:*:*:android:*:*

cpe:2.3:a:dropbox:dropbox_sdk:1.6.1:*:*:*:*:android:*:*

EPSS

Процентиль: 92%

0.08256

Низкий

5.3 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-q776-jqj9-22hh