CVE-2020-12488

EPSS 0.2%
Veröffentlicht 10.11.2021 16:15:07
Zuletzt bearbeitet 21.11.2024 04:59:47
Quelle security@vivo.com
CVE-Watchlists
Login
Unerledigt
Login

Broken Access Control Vulnerability in Jovi Smart Scene

The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vivo ≫ Jovi Smart Scene Version < 6.2.2.52

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.099

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
security@vivo.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.vivo.com/en/support/security-advisory-detail?id=5

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12488

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12488

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12488

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-12488