Lucene search

K
cveIbmCVE-2018-17502
HistoryMar 21, 2019 - 4:00 p.m.

CVE-2018-17502

2019-03-2116:00:26
CWE-200
ibm
web.nvd.nist.gov
18
receptionist for ipad
vulnerability
local attacker
sensitive information
contact.json
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

3.9

Confidence

High

EPSS

0

Percentile

5.1%

The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails.

Affected configurations

Nvd
Vulners
Node
thereceptionistthe_receptionist_for_ipadMatch4.0.4
VendorProductVersionCPE
thereceptionistthe_receptionist_for_ipad4.0.4cpe:2.3:a:thereceptionist:the_receptionist_for_ipad:4.0.4:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "The Receptionist for iPad",
    "vendor": "Los Trigos, Inc",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.4"
      }
    ]
  }
]

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

3.9

Confidence

High

EPSS

0

Percentile

5.1%

Related for CVE-2018-17502