7.5

CVE-2014-1884

Exploit

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

Data is provided by the National Vulnerability Database (NVD)
ApacheCordova Version <= 3.3.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
ApacheCordova Version3.0.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
ApacheCordova Version3.0.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
ApacheCordova Version3.1.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
ApacheCordova Version3.1.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
ApacheCordova Version3.2.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
ApacheCordova Version3.2.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
ApacheCordova Version3.3.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version <= 2.9.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.0.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.0.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.1.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.2.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.2.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.2.0 Updaterc2
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.3.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.3.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.3.0 Updaterc2
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.4.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.4.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.5.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.5.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.6.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.6.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.7.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.7.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.8.0
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.8.1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
AdobePhonegap Version2.9.0 Updaterc1
   MicrosoftWindows Phone Version7
   MicrosoftWindows Phone Version8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.05% 0.822
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P