Lucene search

TalosCVELIST:CVE-2018-3987

HistoryFeb 12, 2020 - 11:36 p.m.

CVE-2018-3987

2020-02-1223:36:14

talos

www.cve.org

CVSS3

4.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

An exploitable information disclosure vulnerability exists in the ‘Secret Chats’ functionality of Rakuten Viber on Android 9.3.0.6. The ‘Secret Chats’ functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.

CNA Affected

[
  {
    "product": " Rakuten Viber",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Rakuten Viber Android 9.3.0.6"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2018-0655

CVSS3

4.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

Related for CVELIST:CVE-2018-3987