CVE-2018-18330 : An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Con

An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL using address bar spoofing on the Private Browser of the app on vulnerable installations.

Published 2018-12-21 15:29:00

Updated 2020-08-24 17:37:01

Source Trend Micro, Inc.

View at NVD, CVE.org

Products affected by CVE-2018-18330

Trendmicro » Dr. Safety » For Android
Versions up to, including, (<=) 3.0.1324
cpe:2.3:a:trendmicro:dr._safety:*:*:*:*:*:android:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-18330

EPSS FAQ

0.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-18330

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: High Availability: None

References for CVE-2018-18330

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121673.aspx

Vendor Advisory

Jump to

Vulnerability Details : CVE-2018-18330

Products affected by CVE-2018-18330

Exploit prediction scoring system (EPSS) score for CVE-2018-18330

CVSS scores for CVE-2018-18330

References for CVE-2018-18330