Vulnerability Name:

CVE-2014-3502 (CCN-94443)

Assigned: 2014-08-04
Published: 2014-08-04
Updated: 2014-11-17
Summary: Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References: Source: CCN
Type: Apache Web site
Cordova

Source: CONFIRM
Type: Vendor Advisory
http://cordova.apache.org/announcements/2014/08/04/android-351.html

Source: CONFIRM
Type: Vendor Advisory
http://cordova.apache.org/announcements/2014/08/06/android-351-update.html

Source: MITRE
Type: CNA
CVE-2014-3502

Source: CCN
Type: IBM Security Bulletin 1681138
IBM Mobile Foundation, IBM Worklight, and IBM Worklight Foundation are affected by the following Apache Cordova vulnerabilities: CVE-2014-3500, CVE-2014-3501 and CVE-2014-3502

Source: CCN
Type: IBM Security Bulletin 1681356
Multiple vulnerabilities affecting the Cordova platform packaged with Rational Application Developer (CVE-2014-3500, CVE-2014-3501 and CVE-2014-3502)

Source: CCN
Type: IBM Security Bulletin 1684649
Fixes available for Security Vulnerabilities in Apache Cordova that affect IBM WebSphere Portal (CVE-2014-3500; CVE-2014-3501; CVE-2014-3502)

Source: CCN
Type: IBM Security Bulletin 1686792
Multiple vulnerabilities affecting the Cordova platform and IBM SDK Node.js packaged with Rational Software Architect and Rational Software Architect for WebSphere Software

Source: BID
Type: UNKNOWN
69046

Source: CCN
Type: BID-69046
Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
apache-cordova-cve20143502-info-disc(94443)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-3502

Vulnerable Configuration: Configuration 1:
  • cpe:/a:apache:cordova:3.5.0:*:*:*:*:android:*:*

  • Configuration CCN 1:
  • cpe:/a:apache:cordova:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:cordova:3.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:apache:cordova:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:cordova:3.1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:apache:cordova:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:cordova:3.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:apache:cordova:3.3.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:apache:cordova:3.5.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:worklight:6.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.1.0.1:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:worklight:5.0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:worklight:5.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:worklight:5.0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:worklight:6.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:worklight:6.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect:9.1.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:112612 | P | libcrypto38-2.5.0-1.1 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:106096 | P | libcrypto38-2.5.0-1.1 on GA media (Moderate) | 2021-10-01
    apache cordova 3.5.0
    apache cordova 3.0.0
    apache cordova 3.0.0 rc1
    apache cordova 3.1.0
    apache cordova 3.1.0 rc1
    apache cordova 3.2.0
    apache cordova 3.2.0 rc1
    apache cordova 3.3.0 rc1
    apache cordova 3.5.0
    ibm websphere portal 8.5
    ibm worklight 6.1.0.1
    ibm rational application developer 9.1
    ibm rational application developer 9.1.0.1
    ibm worklight 5.0.5.1
    ibm worklight 5.0.6.1
    ibm worklight 5.0.6.2
    ibm worklight 6.0.0.1
    ibm worklight 6.0.0.2
    ibm rational software architect 9.1
    ibm rational software architect 9.1.1