Vulnerability Details : CVE-2012-5187
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.
Products affected by CVE-2012-5187
- cpe:2.3:a:weathernews:weathernews_touch:*:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.55:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.53:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.51:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.50:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:2.2.0:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.65:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.58:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.49:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.43:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.39:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.20:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:2.1.0:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:2.0.0:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.68:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.67:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.38:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.35:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.33:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.23:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:2.3.1:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:2.1.1:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.66:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.64:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.44:-:*:*:*:android:*:*
- cpe:2.3:a:weathernews:weathernews_touch:1.40:-:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5187
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5187
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2012-5187
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5187
-
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000005
JVNDB-2013-000005 - JVN iPedia - 脆弱性対策情報データベースVendor Advisory
-
http://jvn.jp/en/jp/JVN86040029/index.html
JVN#86040029: Weathernews Touch for Android stores location information in the system log fileVendor Advisory
Jump to