CVE-2018-18334

{"id": "CVE-2018-18334", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-02-05T22:29:00.313", "references": [{"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121933.aspx", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121933.aspx", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions below 3.0.1478 could allow an remote attacker to bypass the Same Origin Policy (SOP) and obtain sensitive information via crafted JavaScript code on vulnerable installations."}, {"lang": "es", "value": "Una vulnerabilidad en el navegador privado de Trend Micro Dr. Safety para Android (Consumer), en versiones anteriores a la 3.0.1478, podr\u00eda permitir a un atacante remoto omitir la pol\u00edtica de mismo origen (SOP) y obtener informaci\u00f3n sensible mediante c\u00f3digo JavaScript manipulado en instalaciones vulnerables."}], "lastModified": "2024-11-21T03:55:44.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:dr._safety:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "1449FA76-D542-4A4A-8ACB-5C5E2DB418D2", "versionEndExcluding": "3.0.1478"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}