Apache Cordova is an open source framework for mobile development.
The Cordova framework is used in all Mobile environments in IBM Workligh and IBM MobileFirst Platform Foundation but this particluar Open Source Apache Cordova vulnerability is affected only for Android platform.
CVEID: CVE-2017-3160
DESCRIPTION: Apache Cordova Android could allow a remote attacker to conduct man-in-the-middle techniques, caused by the failure to use https by default by the Gradle Distribution URL. An attacker could exploit this vulnerability to conduct man-in-the-middle attacks and make the Gradle URL unsafe.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121354> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-6799
DESCRIPTION: Apache Cordova Android could allow local attacker to obtain sensitive information, caused by a flaw in the Log class. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125857> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM MobileFirst Platform Foundation
| 8.0| PI87100| Download the latest iFix for IBM MobileFirst Platform Foundation on FixCentral
—|—|—|—
IBM MobileFirst Platform Foundation| 7.1| PI87100| Download the latest iFix for IBM MobileFirst Platform Foundation on FixCentral
IBM MobileFirst Platform Foundation| 7.0| PI87100| Download the latest iFix for IBM MobileFirst Platform Foundation on FixCentral
IBM MobileFirst Platform Foundation| 6.3| PI87100| Download the latest iFix for IBM MobileFirst Platform Foundation on FixCentral
IBM Worklight| 6.2| PI87100| Download the latest iFix for IBM MobileFirst Platform Foundation on FixCentral
IBM Worklight| 6.1| PI87100| Download the latest iFix for IBM MobileFirst Platform Foundation on FixCentral
IBM Worklight| 6.0| PI87100| Download the latest iFix for IBM MobileFirst Platform Foundation on FixCentral
None