CVE-2019-8345
4.3 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:P/A:N
4.2 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.3 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.3%
The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker’s web site is displayed in a WebView with no information about the URL.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| estrongs:es_file_explorer_file_manager | estrongs es file explorer file manager | eq | 4.1.9.7.4 |
References
Related
4.3 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:P/A:N
4.2 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.3 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.3%