Lucene search

HuaweiCVE-2024-42030

HistoryAug 08, 2024 - 9:15 a.m.

CVE-2024-42030

2024-08-0809:15:07

CWE-701

huawei

web.nvd.nist.gov

vulnerability

content sharing

pop-up

module

service confidentiality

access permission verification

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.4%

JSON

Access permission verification vulnerability in the content sharing pop-up module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Affected configurations

Nvd

Vulners

Node

huaweiemuiMatch13.0.0

huaweiemuiMatch14.0.0

huaweiharmonyosMatch3.1.0

huaweiharmonyosMatch4.0.0

huaweiharmonyosMatch4.2.0

VendorProductVersionCPE
huaweiemui13.0.0cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
huaweiemui14.0.0cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*
huaweiharmonyos3.1.0cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
huaweiharmonyos4.0.0cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
huaweiharmonyos4.2.0cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	emui	13.0.0	cpe:2.3:o:huawei:emui:13.0.0:::::::*
huawei	emui	14.0.0	cpe:2.3:o:huawei:emui:14.0.0:::::::*
huawei	harmonyos	3.1.0	cpe:2.3:o:huawei:harmonyos:3.1.0:::::::*
huawei	harmonyos	4.0.0	cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*
huawei	harmonyos	4.2.0	cpe:2.3:o:huawei:harmonyos:4.2.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "4.2.0"
      },
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "14.0.0"
      },
      {
        "status": "affected",
        "version": "13.0.0"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2024/8/

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.4%

JSON

Related for CVE-2024-42030