4.3

CVE-2012-4006

EPSS 0.22%
Veröffentlicht 17.08.2012 20:55:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gree ≫ Gree Version <= 1.3.9

Google ≫ Android

Gree ≫ Haconiwa Version <= 1.0.9

Google ≫ Android

Gree ≫ Kaizokuoukoku Columbus Version <= 1.3.4

Google ≫ Android

Gree ≫ Monpura Version <= 1.1.0

Google ≫ Android

Gree ≫ Seisen Cerberus Version <= 1.0.9

Google ≫ Android

Gree ≫ Tanken Dorirando Version <= 1.0.6

Google ≫ Android

Gree ≫ Tsurisuta Version <= 1.4.9

Google ≫ Android

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.414

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://jvn.jp/en/jp/JVN99192898/index.html

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000077

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-4006

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-4006

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-4006

EUVD