5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
A security vulnerability, CVE-2015-1835, has been discovered that affects the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software.
CVEID: CVE-2015-1835 **
DESCRIPTION:** The Apache Cordova could allow a remote attacker to execute arbitrary commands on the system. Applications built with the Cordova framework and lack explicit values set in config.xml can have undefined configuration variables set by Intent. By persuading a victim to click a specially crafted URL, an attacker could exploit this vulnerability to inject malicious content in applications and modify app characteristics including force-closing.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103448 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
IBM Rational Application Developer for WebSphere Software 9.1 and 9.1.1
Product
| VRMF|APAR|Remediation/First Fix
—|—|—|—
Rational Application Developer| 9.1 and 9.1.1| PI43799|
1. Open a command terminal and navigate to <product installation directory>/cordova_cli/
(for Windows) or <product installation directory>/cordova_cli/bin/
(for Linux or MacOS)
2. Issue the following command to upgrade the Android platform to 3.7.2:
cordova platform update [email protected] --usenpm
3. Rebuild your application and redeploy to your users
|
|
|
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N