Lucene search

MitreCVE-2019-10038

HistoryMay 31, 2019 - 10:29 p.m.

CVE-2019-10038

2019-05-3122:29:00

CWE-22

mitre

web.nvd.nist.gov

502

evernote

macos

arbitrary execution

local file

security vulnerability

cve-2019-10038

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.204

Percentile

96.4%

JSON

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.

Affected configurations

Nvd

Node

evernoteevernoteMatch7.9macos

VendorProductVersionCPE
evernoteevernote7.9cpe:2.3:a:evernote:evernote:7.9:*:*:*:*:macos:*:*

Vendor	Product	Version	CPE
evernote	evernote	7.9	cpe:2.3:a:evernote:evernote:7.9:::::macos::

References

drive.google.com/file/d/1cmWixK1vAh7oZ2y3Y3ZtVeSoTRp8c1Ts/view?usp=sharing

evernote.com/security/updates

www.inputzero.io/2019/04/evernote-cve-2019-10038.html

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.204

Percentile

96.4%

JSON

Related for CVE-2019-10038