Lucene search
K

3 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:31 p.m.26 views

Security Bulletin: IBM Mobile Foundation, IBM Worklight, and IBM Worklight Foundation are affected by the following Apache Cordova vulnerabilities: CVE-2014-3500, CVE-2014-3501 and CVE-2014-3502

Summary Apache Cordova, which is used by these products, is vulnerable to Cross-Application Scripting XAS and Data Exfiltration vulnerabilities. A remote attacker might exploit these vulnerabilities to expose sensitive data from the mobile application. Vulnerability Details CVEID: CVE-2014-3500...

6.4CVSS0.9AI score0.04964EPSS
Exploits0Affected Software1
CVE
CVE
added 2014/11/15 9:0 p.m.74 views

CVE-2014-3501

Apache Cordova for Android prior to 3.5.1 is vulnerable (CVE-2014-3501) to bypass the HTTP allowlist via WebView by using JavaScript to open non-http channels, enabling a remote attacker to reach arbitrary servers. The issue stems from improper use of an allowlist when WebView handles non-http co...

4.3CVSS6.8AI score0.03715EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2014/08/11 12:0 a.m.109 views

(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities

Hi, We have recently discovered a severe Cross-Application Scripting XAS vulnerability in Apache Cordova for Android. This vulnerability enables theft of sensitive information from Crodova-based apps both locally by malware and also remotely by using drive-by exploitation techniques. In addition,...

6.4CVSS0.9AI score0.04964EPSS
Exploits1
Rows per page
Query Builder