Lucene search

HuaweiCVE-2024-39674

HistoryJul 25, 2024 - 12:15 p.m.

CVE-2024-39674

2024-07-2512:15:03

CWE-312

huawei

web.nvd.nist.gov

plaintext vulnerability

gallery search module

availability

impact

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

9.4%

JSON

Plaintext vulnerability in the Gallery search module.
Impact: Successful exploitation of this vulnerability will affect availability.

Affected configurations

Nvd

Vulners

Node

huaweiemuiMatch12.0.0

huaweiemuiMatch13.0.0

huaweiemuiMatch14.0.0

huaweiharmonyosMatch2.0.0

huaweiharmonyosMatch2.1.0

huaweiharmonyosMatch3.0.0

huaweiharmonyosMatch3.1.0

huaweiharmonyosMatch4.0.0

huaweiharmonyosMatch4.2.0

VendorProductVersionCPE
huaweiemui12.0.0cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
huaweiemui13.0.0cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
huaweiemui14.0.0cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*
huaweiharmonyos2.0.0cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
huaweiharmonyos2.1.0cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*
huaweiharmonyos3.0.0cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
huaweiharmonyos3.1.0cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
huaweiharmonyos4.0.0cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
huaweiharmonyos4.2.0cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	emui	12.0.0	cpe:2.3:o:huawei:emui:12.0.0:::::::*
huawei	emui	13.0.0	cpe:2.3:o:huawei:emui:13.0.0:::::::*
huawei	emui	14.0.0	cpe:2.3:o:huawei:emui:14.0.0:::::::*
huawei	harmonyos	2.0.0	cpe:2.3:o:huawei:harmonyos:2.0.0:::::::*
huawei	harmonyos	2.1.0	cpe:2.3:o:huawei:harmonyos:2.1.0:::::::*
huawei	harmonyos	3.0.0	cpe:2.3:o:huawei:harmonyos:3.0.0:::::::*
huawei	harmonyos	3.1.0	cpe:2.3:o:huawei:harmonyos:3.1.0:::::::*
huawei	harmonyos	4.0.0	cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*
huawei	harmonyos	4.2.0	cpe:2.3:o:huawei:harmonyos:4.2.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "4.2.0"
      },
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "2.1.0"
      },
      {
        "status": "affected",
        "version": "2.0.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "14.0.0"
      },
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.0"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2024/7/

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

9.4%

JSON

Related for CVE-2024-39674