Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for appgallery by huawei

    VAR-201804-1332

    Vulnerability from variot - Updated: 2024-11-23 22:55

    Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone. Huawei AppGallery Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Huawei App Market. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of the launchApp method within the HiSpaceObject JavaScript interface. The issue lies in the lack of verification of the user-supplied arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Huawei AppGallery is a software integrated in Huawei mobile phones for downloading third-party applications from Huawei of China. There are security vulnerabilities in Huawei AppGallery versions earlier than 8.0.4.301

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1332",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "appgallery",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "8.0.4.301"
          },
          {
            "model": "app market",
            "scope": null,
            "trust": 0.7,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-875"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7932"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:huawei:appgallery",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MWR Labs - Alex Plaskett James Loureiro Robert Miller and Georgi Geshev",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-875"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-7932",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7932",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CVE-2018-7932",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-137964",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-7932",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7932",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7932",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-7932",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-1388",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137964",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-875"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1388"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7932"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone. Huawei AppGallery Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Huawei App Market. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of the launchApp method within the HiSpaceObject JavaScript interface. The issue lies in the lack of verification of the user-supplied arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Huawei AppGallery is a software integrated in Huawei mobile phones for downloading third-party applications from Huawei of China. There are security vulnerabilities in Huawei AppGallery versions earlier than 8.0.4.301",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7932"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-875"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137964"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7932",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5348",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-875",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1388",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-137964",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-875"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1388"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7932"
          }
        ]
      },
      "id": "VAR-201804-1332",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137964"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:55:54.202000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180423-01-app",
            "trust": 1.5,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
          },
          {
            "title": "Huawei AppGallery Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79670"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-875"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1388"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-345",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7932"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7932"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7932"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-875"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1388"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7932"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-875"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1388"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7932"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-875"
          },
          {
            "date": "2018-04-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137964"
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "date": "2018-04-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-1388"
          },
          {
            "date": "2018-04-24T15:29:00.993000",
            "db": "NVD",
            "id": "CVE-2018-7932"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-875"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137964"
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-1388"
          },
          {
            "date": "2024-11-21T04:12:58.790000",
            "db": "NVD",
            "id": "CVE-2018-7932"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1388"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei AppGallery Access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004568"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "data forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1388"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-1331

    Vulnerability from variot - Updated: 2024-11-23 22:45

    Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism. Huawei AppGallery Contains vulnerabilities related to security features.Information may be tampered with. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Huawei App Market. The issue lies in the lack of verification that content was loaded over a secure channel. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Huawei AppGallery is a software integrated in Huawei mobile phones for downloading third-party applications from Huawei of China

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1331",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "appgallery",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "huawei",
            "version": "8.0.4.301"
          },
          {
            "model": "app market",
            "scope": null,
            "trust": 0.7,
            "vendor": "huawei",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7931"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:huawei:appgallery",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MWR Labs - Alex Plaskett James Loureiro Robert Miller and Georgi Geshev",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-879"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-7931",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7931",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7931",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-137963",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-7931",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7931",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7931",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-7931",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-1389",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137963",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-879"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1389"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7931"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism. Huawei AppGallery Contains vulnerabilities related to security features.Information may be tampered with. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Huawei App Market. The issue lies in the lack of verification that content was loaded over a secure channel. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Huawei AppGallery is a software integrated in Huawei mobile phones for downloading third-party applications from Huawei of China",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-879"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137963"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7931",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-5347",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-879",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1389",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-137963",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-879"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1389"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7931"
          }
        ]
      },
      "id": "VAR-201804-1331",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137963"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:45:23.563000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "huawei-sa-20180423-01-app",
            "trust": 1.5,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
          },
          {
            "title": "Huawei AppGallery Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79671"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1389"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7931"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7931"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7931"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-879"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1389"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7931"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-879"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1389"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7931"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-879"
          },
          {
            "date": "2018-04-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137963"
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "date": "2018-04-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-1389"
          },
          {
            "date": "2018-04-24T15:29:00.947000",
            "db": "NVD",
            "id": "CVE-2018-7931"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-02T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-879"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137963"
          },
          {
            "date": "2018-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-1389"
          },
          {
            "date": "2024-11-21T04:12:58.677000",
            "db": "NVD",
            "id": "CVE-2018-7931"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1389"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Huawei AppGallery Vulnerabilities related to security functions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004567"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1389"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2018-7932 (GCVE-0-2018-7932)

    Vulnerability from nvd – Published: 2018-04-24 15:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-24T14:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7932",
        "datePublished": "2018-04-24T15:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7931 (GCVE-0-2018-7931)

    Vulnerability from nvd – Published: 2018-04-24 15:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism.
    Severity
    No CVSS data available.
    CWE
    • whitelist mechanism bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. AppGallery Affected: The versions before 8.0.4.301
    Create a notification for this product.
    Date Public
    2018-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AppGallery",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "The versions before 8.0.4.301"
                }
              ]
            }
          ],
          "datePublic": "2018-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "whitelist mechanism bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-24T14:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AppGallery",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The versions before 8.0.4.301"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "whitelist mechanism bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7931",
        "datePublished": "2018-04-24T15:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7931 (GCVE-0-2018-7931)

    Vulnerability from cvelistv5 – Published: 2018-04-24 15:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism.
    Severity
    No CVSS data available.
    CWE
    • whitelist mechanism bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. AppGallery Affected: The versions before 8.0.4.301
    Create a notification for this product.
    Date Public
    2018-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AppGallery",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "The versions before 8.0.4.301"
                }
              ]
            }
          ],
          "datePublic": "2018-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "whitelist mechanism bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-24T14:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AppGallery",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The versions before 8.0.4.301"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "whitelist mechanism bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7931",
        "datePublished": "2018-04-24T15:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7932 (GCVE-0-2018-7932)

    Vulnerability from cvelistv5 – Published: 2018-04-24 15:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-24T14:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180423-01-app-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7932",
        "datePublished": "2018-04-24T15:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }