CVE-2019-10038

Опубликовано: 31 мая 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 4.4

EPSS Низкий

Описание

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.

Ссылки

https://drive.google.com/file/d/1cmWixK1vAh7oZ2y3Y3ZtVeSoTRp8c1Ts/view?usp=sharing
Broken Link
https://evernote.com/security/updates
Vendor Advisory
https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html
Third Party Advisory
https://drive.google.com/file/d/1cmWixK1vAh7oZ2y3Y3ZtVeSoTRp8c1Ts/view?usp=sharing
Broken Link
https://evernote.com/security/updates
Vendor Advisory
https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:evernote:evernote:7.9:*:*:*:*:macos:*:*

EPSS

Процентиль: 84%

0.02299

Низкий

7.8 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-4hwj-vgvq-m592