CVE-2014-8889 - OpenCVE

Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Dropbox	Dropbox Sdk

Configuration 1 [-]

OR	cpe:2.3:a:dropbox:dropbox_sdk:1.5.4:::::android::
	cpe:2.3:a:dropbox:dropbox_sdk:1.6.1:::::android::

References

Link	Resource
http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2015/Mar/61	Mailing List Third Party Advisory
http://www.securityfocus.com/archive/1/534843/100/1500/threaded
http://www.securityfocus.com/bid/73035	Third Party Advisory VDB Entry
https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2017-09-25T19:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2014-11-14T00:00:00

Link: CVE-2014-8889

JSON object: View

NVD Information

Status : Modified

Published: 2017-09-26T01:29:00.350

Modified: 2018-10-09T19:54:51.637

Link: CVE-2014-8889

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "73035", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73035"}, {"name": "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/534843/100/1500/threaded"}, {"tags": ["x_refsource_MISC"], "url": "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html"}, {"name": "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Mar/61"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8889", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "73035", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73035"}, {"name": "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534843/100/1500/threaded"}, {"name": "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/", "refsource": "MISC", "url": "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/"}, {"name": "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html"}, {"name": "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Mar/61"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8889", "datePublished": "2017-09-25T19:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dropbox:dropbox_sdk:1.5.4:*:*:*:*:android:*:*", "matchCriteriaId": "E2BAD080-6DC6-4C7F-A8A7-F7AD8000AAA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:dropbox:dropbox_sdk:1.6.1:*:*:*:*:android:*:*", "matchCriteriaId": "4E0108A8-F4B7-4FCD-A724-31C3EEC8C319", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack."}, {"lang": "es", "value": "Dropbox SDK para Android en versiones anteriores a la 1.6.2 podr\u00eda permitir que atacantes remotos obtengan informaci\u00f3n sensible mediante malware manipulado o un ataque Drive-by Download."}], "id": "CVE-2014-8889", "lastModified": "2018-10-09T19:54:51.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-26T01:29:00.350", "references": [{"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html"}, {"source": "psirt@us.ibm.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2015/Mar/61"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/archive/1/534843/100/1500/threaded"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/73035"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory"], "url": "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}