CVE-2018-17502

{"id": "CVE-2018-17502", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2019-03-21T16:00:26.250", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149662", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149662", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails."}, {"lang": "es", "value": "The Receptionist para iPad podr\u00eda permitir que un atacante local obtenga informaci\u00f3n sensible, provocado por un error en el archivo contact.json. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener nombres de contacto, n\u00fameros de tel\u00e9fono y correos electr\u00f3nicos."}], "lastModified": "2024-11-21T03:54:33.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thereceptionist:the_receptionist_for_ipad:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "891775D5-2681-463E-8056-F6BCD92E6EE7"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}