CVE-2014-0802

{"id": "CVE-2014-0802", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-12T18:34:56.000", "references": [{"url": "http://jvn.jp/en/jp/JVN88313872/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000001", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorios en la aplicaci\u00f3n aokitaka ZIP with Pass 4.5.7 y anteriores y ZIP with pass Pro 6.3.8 y anteriores para Android, permite a atacantes sobreescribir o crear archivos de forma arbitraria a trav\u00e9s de vectores no especificados."}], "lastModified": "2014-01-13T19:07:31.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aokitaka:zip_with_pass:*:-:-:*:-:android:*:*", "vulnerable": true, "matchCriteriaId": "87D566EC-8B18-4AB2-95CA-DF820011067A", "versionEndIncluding": "4.5.7"}, {"criteria": "cpe:2.3:a:aokitaka:zip_with_pass_pro:*:-:-:*:-:android:*:*", "vulnerable": true, "matchCriteriaId": "2E8B2E19-C7E9-48E6-9309-576487183A3A", "versionEndIncluding": "6.3.8"}, {"criteria": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.2.1:-:-:*:-:android:*:*", "vulnerable": true, "matchCriteriaId": "F3FE6C79-8A17-499E-B602-91357EF2DD7C"}, {"criteria": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.2.2:-:-:*:-:android:*:*", "vulnerable": true, "matchCriteriaId": "D9C9FB14-0515-4882-81DA-03F85BCBCDBE"}, {"criteria": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.0:-:-:*:-:android:*:*", "vulnerable": true, "matchCriteriaId": "2F683788-D3E0-4676-8B43-14FB3A82E7D5"}, {"criteria": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.4:-:-:*:-:android:*:*", "vulnerable": true, "matchCriteriaId": "214A33B0-53A8-465C-9668-CF44FDB9C2B8"}, {"criteria": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.5:-:-:*:-:android:*:*", "vulnerable": true, "matchCriteriaId": "4153E226-00D9-47FA-862B-0322344DAB35"}, {"criteria": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.7:-:-:*:-:android:*:*", "vulnerable": true, "matchCriteriaId": "1B30BF61-E0B9-4327-94FF-BB07D4D738B2"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}