CVE-2010-0113 - OpenCVE

The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Symantec	Mobile Security
Google	Android

Configuration 1 [-]

AND

cpe:2.3:a:symantec:mobile_security:1.0:beta:*:*:*:*:*:*

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/69253
http://www.securityfocus.com/bid/44767
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00
http://www.vupen.com/english/advisories/2010/2982	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/63294

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-11-15T20:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-12-31T00:00:00

Link: CVE-2010-0113

JSON object: View

NVD Information

Status : Modified

Published: 2010-11-15T21:00:03.110

Modified: 2017-08-17T01:31:52.727

Link: CVE-2010-0113

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-11T00:00:00", "descriptions": [{"lang": "en", "value": "The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "norton-mobile-setup-information-disclosure(63294)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"}, {"name": "69253", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/69253"}, {"name": "ADV-2010-2982", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2982"}, {"name": "44767", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44767"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0113", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "norton-mobile-setup-information-disclosure(63294)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"}, {"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"}, {"name": "69253", "refsource": "OSVDB", "url": "http://osvdb.org/69253"}, {"name": "ADV-2010-2982", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2982"}, {"name": "44767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44767"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0113", "datePublished": "2010-11-15T20:00:00", "dateReserved": "2009-12-31T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:mobile_security:1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "0CFFF5C4-A796-489B-83D5-96E74288C29B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs."}, {"lang": "es", "value": "La aplicaci\u00f3n Symantec Norton Mobile Security v1.0 Beta para Android guarda detalles de configuraci\u00f3n, incluyendo posiblemente las credenciales wipe/lock en los registros del dispositivo, permitiendo a atacantes remotos asistidos por el usuario obtener informaci\u00f3n sensible mediante una aplicaci\u00f3n independiente especialmente dise\u00f1ada para leer estos registros."}], "id": "CVE-2010-0113", "lastModified": "2017-08-17T01:31:52.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-11-15T21:00:03.110", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/69253"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/44767"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2982"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}