exploitDog

CVE-2017-15308

Опубликовано: 22 дек. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:huawei:ireader:*:*:*:*:*:*:*:*

Версия до 8.0.2.301 (исключая)

EPSS

Процентиль: 41%

0.00196

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-mjx4-45h2-6f5r

CVSS3: 8.8

github

больше 3 лет назад

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.

EPSS

Процентиль: 41%

0.00196

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20