Lucene search

K
cveVulDBCVE-2017-20181
HistoryMar 07, 2023 - 12:15 a.m.

CVE-2017-20181

2023-03-0700:15:09
CWE-22
VulDB
web.nvd.nist.gov
30
cve-2017-20181
vulnerability
critical
hgzojer vocable trainer
android
path traversal
local attack
upgrade

CVSS2

4.3

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0

Percentile

15.5%

A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.

Affected configurations

Nvd
Vulners
Node
vocable_trainer_projectvocable_trainerRange<1.3.1android
VendorProductVersionCPE
vocable_trainer_projectvocable_trainer*cpe:2.3:a:vocable_trainer_project:vocable_trainer:*:*:*:*:*:android:*:*

CNA Affected

[
  {
    "vendor": "hgzojer",
    "product": "Vocable Trainer",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      },
      {
        "version": "1.1",
        "status": "affected"
      },
      {
        "version": "1.2",
        "status": "affected"
      },
      {
        "version": "1.3",
        "status": "affected"
      }
    ]
  }
]

CVSS2

4.3

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0

Percentile

15.5%

Related for CVE-2017-20181