4 matches found
Security Bulletin: IBM Mobile Foundation, IBM Worklight, and IBM Worklight Foundation are affected by the following Apache Cordova vulnerabilities: CVE-2014-3500, CVE-2014-3501 and CVE-2014-3502
Summary Apache Cordova, which is used by these products, is vulnerable to Cross-Application Scripting XAS and Data Exfiltration vulnerabilities. A remote attacker might exploit these vulnerabilities to expose sensitive data from the mobile application. Vulnerability Details CVEID: CVE-2014-3500...
CVE-2014-3502
CVE-2014-3502 affects Apache Cordova on Android prior to 3.5.1. The weakness allows remote attackers to open and send data to arbitrary applications by exploiting a crafted Android intent URI scheme, enabling information exposure via manipulated HTML content within a Cordova app. The CVSS base sc...
Apache Cordova 3.5.1: CVE-2014-3502 update
The following text is amended from the original that was sent on August 4th. More background information on this amendment can be found at http://cordova.apache.org/announcements/2014/08/06/android-351-update.html Android Platform Release: 04 Aug 2014 CVE-2014-3502: Cordova apps can potentially...
(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities
Hi, We have recently discovered a severe Cross-Application Scripting XAS vulnerability in Apache Cordova for Android. This vulnerability enables theft of sensitive information from Crodova-based apps both locally by malware and also remotely by using drive-by exploitation techniques. In addition,...