Lucene search

[email protected]CVE-2015-5632

HistorySep 20, 2015 - 5:59 p.m.

CVE-2015-5632

2015-09-2017:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-5632

runtime engine

newphoria

app framework

whitelist bypass

api access

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.0%

JSON

The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors.

Affected configurations

NVD

Node

newphoria_corporationapplicanRange≤1.12.1ios

newphoria_corporationapplicanRange≤1.12.2android

CPENameOperatorVersion
newphoria_corporation:applicannewphoria corporation applicanle1.12.1
newphoria_corporation:applicannewphoria corporation applicanle1.12.2

CPE	Name	Operator	Version
newphoria_corporation:applican	newphoria corporation applican	le	1.12.1
newphoria_corporation:applican	newphoria corporation applican	le	1.12.2

References

jvn.jp/en/jp/JVN73346595/995707/index.html

jvn.jp/en/jp/JVN73346595/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000130

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for CVE-2015-5632

prion1 jvn1 cvelist1 nvd1