Search
Find a vulnerability
Search criteria
3 vulnerabilities by ES APP Group
VAR-201901-0308
Vulnerability from variot - Updated: 2025-01-30 21:10The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0308",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "es file explorer file manager",
"scope": "lte",
"trust": 1.0,
"vendor": "estrongs",
"version": "4.1.9.7.4"
},
{
"model": "file explorer file manager",
"scope": "lte",
"trust": 0.8,
"vendor": "es app group",
"version": "4.1.9.7.4 (android)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
},
{
"db": "NVD",
"id": "CVE-2019-6447"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:estrongs:es_file_explorer_file_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tanmay Tyagi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-602"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6447",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2019-6447",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6447",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6447",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6447",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6447",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-602",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-6447",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-6447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-602"
},
{
"db": "NVD",
"id": "CVE-2019-6447"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
},
{
"db": "VULMON",
"id": "CVE-2019-6447"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6447",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "163303",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001728",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "50070",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161657",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201901-602",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6447",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-6447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-602"
},
{
"db": "NVD",
"id": "CVE-2019-6447"
}
]
},
"id": "VAR-201901-0308",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"other device"
],
"sub_category": "general",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:10:50.661000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.estrongs.com/?lang=en"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/KaviDk/CVE-2019-6447-in-Mobile-Application "
},
{
"title": "POC-ES-File-Explorer-CVE-2019-6447",
"trust": 0.1,
"url": "https://github.com/julio-cfa/POC-ES-File-Explorer-CVE-2019-6447 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/k4u5h41/CVE-2019-6447 "
},
{
"title": "cve-2019-6447",
"trust": 0.1,
"url": "https://github.com/mcmahonr/cve-2019-6447 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Chethine/EsFileExplorer-CVE-2019-6447 "
},
{
"title": "CVE-2019-6447",
"trust": 0.1,
"url": "https://github.com/1nf1n17yk1ng/CVE-2019-6447 "
},
{
"title": "CVE-2019-6447-ESfile-explorer-exploit",
"trust": 0.1,
"url": "https://github.com/febinrev/CVE-2019-6447-ESfile-explorer-exploit "
},
{
"title": "esfile",
"trust": 0.1,
"url": "https://github.com/amjadkhan345/esfile "
},
{
"title": "cve_2019-6447",
"trust": 0.1,
"url": "https://github.com/volysandro/cve_2019-6447 "
},
{
"title": "CVE-2019-6447",
"trust": 0.1,
"url": "https://github.com/3hydraking/CVE-2019-6447 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Osuni-99/CVE-2019-6447 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/svg153/awesome-stars "
},
{
"title": "esexplorervuln",
"trust": 0.1,
"url": "https://github.com/codeonlinux/esexplorervuln "
},
{
"title": "good-articles-by-time",
"trust": 0.1,
"url": "https://github.com/zhang0peter/good-articles-by-time "
},
{
"title": "awesome-stars",
"trust": 0.1,
"url": "https://github.com/mooyoul/awesome-stars "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/VinuKalana/CVE-2019-6447-Android-Vulnerability-in-ES-File-Explorer "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vino-theva/CVE-2019-6447 "
},
{
"title": "ESFileExplorerOpenPortVuln",
"trust": 0.1,
"url": "https://github.com/fs0c131y/ESFileExplorerOpenPortVuln "
},
{
"title": "awesome-hacking",
"trust": 0.1,
"url": "https://github.com/QWERTSKIHACK/awesome-hacking "
},
{
"title": "AwesomeHacking",
"trust": 0.1,
"url": "https://github.com/REY-AKA-RJDJ0261/AwesomeHacking "
},
{
"title": "awesome-hacking",
"trust": 0.1,
"url": "https://github.com/Aruack/awesome-hacking "
},
{
"title": "Ensemble-HackTools",
"trust": 0.1,
"url": "https://github.com/Rexinazor/Ensemble-HackTools "
},
{
"title": "awesome-hacking",
"trust": 0.1,
"url": "https://github.com/jekil/awesome-hacking "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/nitishbadole/oscp-note-3 "
},
{
"title": "awesome-hacking",
"trust": 0.1,
"url": "https://github.com/rohankumardubey/awesome-hacking "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/eljosep/OSCP-Guide "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Ly0nt4r/OSCP "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ghostXing/hacking "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/e-hakson/OSCP "
},
{
"title": "awesome-cyber-security",
"trust": 0.1,
"url": "https://github.com/xrkk/awesome-cyber-security "
},
{
"title": "Cyber-Security_Collection",
"trust": 0.1,
"url": "https://github.com/RakhithJK/Cyber-Security_Collection "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/Jonathan-Elias/PoC "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/es-file-explorer-flaws-put-100-million-users-data-at-risk-fix-promised/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-6447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
},
{
"db": "NVD",
"id": "CVE-2019-6447"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/fs0c131y/esfileexploreropenportvuln"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/163303/es-file-explorer-4.1.9.7.4-arbitrary-file-read.html"
},
{
"trust": 1.7,
"url": "https://twitter.com/fs0c131y/status/1085460755313508352"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6447"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6447"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161657/android-vulnerability-in-es-file-explorer.html"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50070"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://github.com/kavidk/cve-2019-6447-in-mobile-application"
},
{
"trust": 0.1,
"url": "https://github.com/julio-cfa/poc-es-file-explorer-cve-2019-6447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/zhang0peter/good-articles-by-time"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-6447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-602"
},
{
"db": "NVD",
"id": "CVE-2019-6447"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-6447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-602"
},
{
"db": "NVD",
"id": "CVE-2019-6447"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6447"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001728"
},
{
"date": "2019-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-602"
},
{
"date": "2019-01-16T14:29:00.327000",
"db": "NVD",
"id": "CVE-2019-6447"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6447"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001728"
},
{
"date": "2021-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-602"
},
{
"date": "2024-11-21T04:46:28.287000",
"db": "NVD",
"id": "CVE-2019-6447"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-602"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Android for ES File Explorer File Manager Application input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001728"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-602"
}
],
"trust": 0.6
}
}
JVNDB-2014-000033
Vulnerability from jvndb - Published: 2014-03-20 14:05 - Updated:2014-03-24 18:50Summary
ES File Explorer vulnerable to directory traversal
Details
ES File Explorer provided by ES APP Group contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000033.html",
"dc:date": "2014-03-24T18:50+09:00",
"dcterms:issued": "2014-03-20T14:05+09:00",
"dcterms:modified": "2014-03-24T18:50+09:00",
"description": "ES File Explorer provided by ES APP Group contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.\r\n\r\nRyohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000033.html",
"sec:cpe": {
"#text": "cpe:/a:estrongs:es_file_explorer",
"@product": "ES File Explorer",
"@vendor": "ES APP Group",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000033",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN70029459/index.html",
"@id": "JVN#70029459",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1970",
"@id": "CVE-2014-1970",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1970",
"@id": "CVE-2014-1970",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "ES File Explorer vulnerable to directory traversal"
}
JVNDB-2012-000020
Vulnerability from jvndb - Published: 2012-03-05 15:50 - Updated:2012-03-05 15:50Summary
ES File Explorer fails to restrict access permissions
Details
ES File Explorer provided by EStrongs, Inc. contains an issue where access permissions are not restricted.
ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted.
Shiongu of satoweb and Masafumi Horimoto of HOLLY & Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000020.html",
"dc:date": "2012-03-05T15:50+09:00",
"dcterms:issued": "2012-03-05T15:50+09:00",
"dcterms:modified": "2012-03-05T15:50+09:00",
"description": "ES File Explorer provided by EStrongs, Inc. contains an issue where access permissions are not restricted.\r\n\r\nES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted.\r\n\r\nShiongu of satoweb and Masafumi Horimoto of HOLLY \u0026 Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000020.html",
"sec:cpe": {
"#text": "cpe:/a:estrongs:es_file_explorer",
"@product": "ES File Explorer",
"@vendor": "ES APP Group",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000020",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN08871006/index.html",
"@id": "JVN#08871006",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0322",
"@id": "CVE-2012-0322",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0322",
"@id": "CVE-2012-0322",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "ES File Explorer fails to restrict access permissions"
}