CVE-2011-4865

The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4865-vulnerability-in-WBlog-MicroBlogPad.html
http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4865-vulnerability-in-WBlog-MicroBlogPad.html

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:tencent:microblogpad:1.4.0:::::::*
	cpe:2.3:a:tencent:wblog:3.3.1:::::::*

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:33

Type	Values Removed	Values Added
References	~~() http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4865-vulnerability-in-WBlog-MicroBlogPad.html -~~	() http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4865-vulnerability-in-WBlog-MicroBlogPad.html -

Information

Published : 2012-01-25 04:03

Updated : 2024-11-21 01:33

NVD link : CVE-2011-4865

Mitre link : CVE-2011-4865

CVE.ORG link : CVE-2011-4865

JSON object : View

Products Affected

tencent

wblog
microblogpad

google

android

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2011-4865", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-01-25T04:03:28.410", "references": [{"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4865-vulnerability-in-WBlog-MicroBlogPad.html", "source": "cve@mitre.org"}, {"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4865-vulnerability-in-WBlog-MicroBlogPad.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application."}, {"lang": "es", "value": "La aplicaci\u00f3n WBlog (com.tencent.WBlog) v3.3.1 and MicroBlogPad v1.4.0 para Android no protege correctamente los datos, lo que permite a atacantes remotos leer o modificar borradores de mensajes y palabras de b\u00fasquedas a trav\u00e9s de una aplicaci\u00f3n modificada."}], "lastModified": "2024-11-21T01:33:09.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tencent:microblogpad:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F609B31-49FB-48C1-BC79-CF12FBFB7C02"}, {"criteria": "cpe:2.3:a:tencent:wblog:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E29AFB7A-B547-4663-A79F-00A8681BDA51"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

5.8 /10