CVE-2020-9530

{"id": "CVE-2020-9530", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-03-06T17:15:12.493", "references": [{"url": "https://sec.xiaomi.com/post/180", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-289/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://sec.xiaomi.com/post/180", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-289/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54."}, {"lang": "es", "value": "Se ha detectado un problema en los dispositivos Xiaomi MIUI versi\u00f3n V11.0.5.0.QFAEUXM. El componente export de GetApps(com.xiaomi.mipicks) maneja inapropiadamente la funcionalidad de abrir otros componentes. Los atacantes necesitan inducir a usuarios a abrir p\u00e1ginas web espec\u00edficas en un entorno de red espec\u00edfico. Al saltar al componente WebView de Messaging(com.android.MMS) y cargando p\u00e1ginas web maliciosas, puede ocurrir un filtrado de informaci\u00f3n. Esto es corregido en la versi\u00f3n: 2001122; 11.0.1.54."}], "lastModified": "2024-11-21T05:40:48.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mi:miui_firmware:11.0.5.0.qfaeuxm:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63CFF65D-314B-4414-ADAC-72B10C9E3741"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}