Search
Find a vulnerability
Search criteria
2 vulnerabilities found for HwVmall by Huawei Technologies Co., Ltd.
CVE-2017-2694 (GCVE-0-2017-2694)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-17 02:01
VLAI
EPSS
VEX
Summary
The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.
Severity
No CVSS data available.
CWE
- Improper Permission Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95915 | vdb-entryx_refsource_BID |
| http://www.huawei.com/en/psirt/security-advisorie… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei Technologies Co., Ltd. | HwVmall |
Affected:
Earlier than HwVmall 1.5.2.0 versions
|
Date Public
2017-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HwVmall",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than HwVmall 1.5.2.0 versions"
}
]
}
],
"datePublic": "2017-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Permission Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-23T10:57:01.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"name": "95915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HwVmall",
"version": {
"version_data": [
{
"version_value": "Earlier than HwVmall 1.5.2.0 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Permission Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95915"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-2694",
"datePublished": "2017-11-22T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:01:40.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2694 (GCVE-0-2017-2694)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-17 02:01
VLAI
EPSS
VEX
Summary
The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience.
Severity
No CVSS data available.
CWE
- Improper Permission Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95915 | vdb-entryx_refsource_BID |
| http://www.huawei.com/en/psirt/security-advisorie… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei Technologies Co., Ltd. | HwVmall |
Affected:
Earlier than HwVmall 1.5.2.0 versions
|
Date Public
2017-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HwVmall",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than HwVmall 1.5.2.0 versions"
}
]
}
],
"datePublic": "2017-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Permission Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-23T10:57:01.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"name": "95915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HwVmall",
"version": {
"version_data": [
{
"version_value": "Earlier than HwVmall 1.5.2.0 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Permission Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95915"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-2694",
"datePublished": "2017-11-22T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:01:40.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}