ID

VAR-201803-1875


CVE

CVE-2018-9140


TITLE

Samsung Cross-site scripting vulnerability in mobile device software

Trust: 0.8

sources: JVNDB: JVNDB-2018-003404

DESCRIPTION

On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. Samsung Mobile device software contains a cross-site scripting vulnerability. The vendor has confirmed this vulnerability and released it as SVE-2017-10747. Information may be obtained and information may be altered. Samsung mobile devices are smart mobile devices released by Samsung, a South Korean company. Android M is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). Email application is one of the email applications

Trust: 2.16

sources: NVD: CVE-2018-9140 // JVNDB: JVNDB-2018-003404 // CNVD: CNVD-2018-08464

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08464

AFFECTED PRODUCTS

vendor: samsung, model: mobile, scope: eq, version: 6.0

Trust: 2.4

vendor: samsung, model: mobile devices m, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2018-08464 // JVNDB: JVNDB-2018-003404 // CNNVD: CNNVD-201804-062 // NVD: CVE-2018-9140

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9140
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-9140
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-08464
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-062
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-9140
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08464
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-9140
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08464 // JVNDB: JVNDB-2018-003404 // CNNVD: CNNVD-201804-062 // NVD: CVE-2018-9140

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2018-003404 // NVD: CVE-2018-9140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-062

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201804-062

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003404

PATCH

title: Android Security Updates, url: https://security.samsungmobile.com/securityUpdate.smsb

Trust: 0.8

title: Samsung mobile device Email application cross-site scripting vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/127523

Trust: 0.6

title: Samsung Mobile devices Email Fixes for application security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82929

Trust: 0.6

sources: CNVD: CNVD-2018-08464 // JVNDB: JVNDB-2018-003404 // CNNVD: CNNVD-201804-062

EXTERNAL IDS

db: NVD, id: CVE-2018-9140

Trust: 3.0

db: JVNDB, id: JVNDB-2018-003404

Trust: 0.8

db: CNVD, id: CNVD-2018-08464

Trust: 0.6

db: CNNVD, id: CNNVD-201804-062

Trust: 0.6

sources: CNVD: CNVD-2018-08464 // JVNDB: JVNDB-2018-003404 // CNNVD: CNNVD-201804-062 // NVD: CVE-2018-9140

REFERENCES

url: https://security.samsungmobile.com/securityupdate.smsb

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9140

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-9140

Trust: 0.8

sources: CNVD: CNVD-2018-08464 // JVNDB: JVNDB-2018-003404 // CNNVD: CNNVD-201804-062 // NVD: CVE-2018-9140

SOURCES

db: CNVD, id: CNVD-2018-08464
db: JVNDB, id: JVNDB-2018-003404
db: CNNVD, id: CNNVD-201804-062
db: NVD, id: CVE-2018-9140

LAST UPDATE DATE

2024-11-23T22:38:14.763000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-08464, date: 2018-04-26T00:00:00
db: JVNDB, id: JVNDB-2018-003404, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201804-062, date: 2018-04-02T00:00:00
db: NVD, id: CVE-2018-9140, date: 2024-11-21T04:15:03.443

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-08464, date: 2018-04-26T00:00:00
db: JVNDB, id: JVNDB-2018-003404, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201804-062, date: 2018-04-02T00:00:00
db: NVD, id: CVE-2018-9140, date: 2018-03-30T08:29:00.683