Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for getapps by mi
CVE-2023-26324 (GCVE-0-2023-26324)
Vulnerability from nvd – Published: 2024-08-28 07:28 – Updated: 2024-08-28 13:47
VLAI?
Title
GetApps application has code execution vulnerability
Summary
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
Severity ?
8.8 (High)
CWE
- A code execution vulnerability exists
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | GetApps application |
Affected:
GetApps application , ≤ 30.6.0.2
(custom)
|
Date Public ?
2024-05-06 06:01
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:getapps_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "getapps_application",
"vendor": "xiaomi",
"versions": [
{
"lessThanOrEqual": "30.6.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:46:06.441446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:47:11.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GetApps application",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "30.6.0.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "30.6.0.2",
"status": "affected",
"version": "GetApps application",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-05-06T06:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "GetApps application 30.6.0.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A code execution vulnerability exists",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T07:35:40.482Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://https://trust.mi.com/misrc/bulletins/advisory?cveId=544"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GetApps application has code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26324",
"datePublished": "2024-08-28T07:28:35.809Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2024-08-28T13:47:11.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26322 (GCVE-0-2023-26322)
Vulnerability from nvd – Published: 2024-08-28 07:59 – Updated: 2024-08-28 13:39
VLAI?
Title
GetApps application has code execution vulnerability
Summary
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
Severity ?
8.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | GetApps application |
Affected:
GetApps application , ≤ 31.2.5.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:getapps_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "getapps_application",
"vendor": "xiaomi",
"versions": [
{
"lessThanOrEqual": "31.2.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:30:30.765435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:39:52.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GetApps application",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "32.0.0.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "31.2.5.0",
"status": "affected",
"version": "GetApps application",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T11:24:24.657Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=542"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GetApps application has code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26322",
"datePublished": "2024-08-28T07:59:26.998Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2024-08-28T13:39:52.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26322 (GCVE-0-2023-26322)
Vulnerability from cvelistv5 – Published: 2024-08-28 07:59 – Updated: 2024-08-28 13:39
VLAI?
Title
GetApps application has code execution vulnerability
Summary
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
Severity ?
8.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | GetApps application |
Affected:
GetApps application , ≤ 31.2.5.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:getapps_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "getapps_application",
"vendor": "xiaomi",
"versions": [
{
"lessThanOrEqual": "31.2.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:30:30.765435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:39:52.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GetApps application",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "32.0.0.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "31.2.5.0",
"status": "affected",
"version": "GetApps application",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T11:24:24.657Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=542"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GetApps application has code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26322",
"datePublished": "2024-08-28T07:59:26.998Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2024-08-28T13:39:52.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26324 (GCVE-0-2023-26324)
Vulnerability from cvelistv5 – Published: 2024-08-28 07:28 – Updated: 2024-08-28 13:47
VLAI?
Title
GetApps application has code execution vulnerability
Summary
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
Severity ?
8.8 (High)
CWE
- A code execution vulnerability exists
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | GetApps application |
Affected:
GetApps application , ≤ 30.6.0.2
(custom)
|
Date Public ?
2024-05-06 06:01
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xiaomi:getapps_application:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "getapps_application",
"vendor": "xiaomi",
"versions": [
{
"lessThanOrEqual": "30.6.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:46:06.441446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:47:11.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GetApps application",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "30.6.0.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "30.6.0.2",
"status": "affected",
"version": "GetApps application",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-05-06T06:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "GetApps application 30.6.0.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A code execution vulnerability exists",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T07:35:40.482Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://https://trust.mi.com/misrc/bulletins/advisory?cveId=544"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GetApps application has code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26324",
"datePublished": "2024-08-28T07:28:35.809Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2024-08-28T13:47:11.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}