CVE-2012-2635

2022-10-0316:15:35

CWE-200

[email protected]

web.nvd.nist.gov

dolphin browser hd

android

vulnerability

sensitive information disclosure

webview class

cve-2012-2635

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.6%

JSON

The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.

Affected configurations

NVD

Node

dolphin-browserdolphin_browser_hdRange≤7.4.0

dolphin-browserdolphin_browser_hdMatch6.2.0

dolphin-browserdolphin_browser_hdMatch7.2.1

dolphin-browserdolphin_browser_hdMatch7.3.0

AND

googleandroid

Node

dolphin-browserdolphin_for_padRange≤1.0beta

CPENameOperatorVersion
dolphin-browser:dolphin_browser_hddolphin-browser dolphin browser hdle7.4.0
dolphin-browser:dolphin_browser_hddolphin-browser dolphin browser hdeq6.2.0
dolphin-browser:dolphin_browser_hddolphin-browser dolphin browser hdeq7.2.1
dolphin-browser:dolphin_browser_hddolphin-browser dolphin browser hdeq7.3.0

CPE	Name	Operator	Version
dolphin-browser:dolphin_browser_hd	dolphin-browser dolphin browser hd	le	7.4.0
dolphin-browser:dolphin_browser_hd	dolphin-browser dolphin browser hd	eq	6.2.0
dolphin-browser:dolphin_browser_hd	dolphin-browser dolphin browser hd	eq	7.2.1
dolphin-browser:dolphin_browser_hd	dolphin-browser dolphin browser hd	eq	7.3.0