CVE-2023-25632 : The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypas

The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.

Published 2023-11-27 07:15:43

Updated 2024-09-06 03:15:02

Source Naver Corporation

View at NVD, CVE.org

Products affected by CVE-2023-25632

Naver » Whale Browser » For Android
Versions before (<) 3.0.1.2
cpe:2.3:a:naver:whale_browser:*:*:*:*:*:android:*:*
Matching versions

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: cve@navercorp.com (Secondary)
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

Assigned by: cve@navercorp.com (Secondary)

Jump to