Vulnerability Details : CVE-2013-3647
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
Vulnerability category: Information leak
Products affected by CVE-2013-3647
- cpe:2.3:a:cybozu:cybozu_live:*:-:*:*:*:android:*:*
- cpe:2.3:a:cybozu:cybozu_live:1.0.4:-:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3647
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~47% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-3647
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2013-3647
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3647
- http://jvn.jp/en/jp/JVN19740283/index.html
  JVN#19740283: Cybozu Live for Android vulnerable in the WebView class
- https://live.cybozu.co.jp/trouble.html?q=2530
  About the defect (vulnerability) in Cybozu Live for Android (Ver. 2.0) | Cybozu Live, the smartphone app for teams (Vendor Advisory)
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000060
  JVNDB-2013-000060 - JVN iPedia - Vulnerability Countermeasure Information Database (Vendor Advisory)