Lucene search

VulDBCVE-2013-10001

HistoryMay 17, 2022 - 8:15 a.m.

CVE-2013-10001

2022-05-1708:15:06

CWE-295

VulDB

web.nvd.nist.gov

htc

one

sense 4.x

mail client

certification validation

vulnerability

nvd

exploit disclosure

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

48.7%

JSON

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.

Affected configurations

Nvd

Vulners

Node

htcmailMatch5.2.2222282614.528614.528614

AND

htcsdk_apiMatch4.25

htcone_svMatch4.0.4android

htcsenseMatch4.1

Node

htcmailMatch5.5.550363

AND

htcsdk_apiMatch4.63

htcone_xMatch4.1.1android

htcsenseMatch4\+

VendorProductVersionCPE
htcmail5.2.2222282614.528614.528614cpe:2.3:a:htc:mail:5.2.2222282614.528614.528614:*:*:*:*:*:*:*
htcsdk_api4.25cpe:2.3:a:htc:sdk_api:4.25:*:*:*:*:*:*:*
htcone_sv4.0.4cpe:2.3:h:htc:one_sv:4.0.4:*:*:*:*:android:*:*
htcsense4.1cpe:2.3:h:htc:sense:4.1:*:*:*:*:*:*:*
htcmail5.5.550363cpe:2.3:a:htc:mail:5.5.550363:*:*:*:*:*:*:*
htcsdk_api4.63cpe:2.3:a:htc:sdk_api:4.63:*:*:*:*:*:*:*
htcone_x4.1.1cpe:2.3:h:htc:one_x:4.1.1:*:*:*:*:android:*:*
htcsense4+cpe:2.3:h:htc:sense:4\+:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
htc	mail	5.2.2222282614.528614.528614	cpe:2.3:a:htc:mail:5.2.2222282614.528614.528614:::::::*
htc	sdk_api	4.25	cpe:2.3:a:htc:sdk_api:4.25:::::::*
htc	one_sv	4.0.4	cpe:2.3:h:htc:one_sv:4.0.4:::::android::
htc	sense	4.1	cpe:2.3:h:htc:sense:4.1:::::::*
htc	mail	5.5.550363	cpe:2.3:a:htc:mail:5.5.550363:::::::*
htc	sdk_api	4.63	cpe:2.3:a:htc:sdk_api:4.63:::::::*
htc	one_x	4.1.1	cpe:2.3:h:htc:one_x:4.1.1:::::android::
htc	sense	4+	cpe:2.3:h:htc:sense:4\+:::::::*

CNA Affected

[
  {
    "product": "One",
    "vendor": "HTC",
    "versions": [
      {
        "status": "affected",
        "version": "4.x"
      }
    ]
  },
  {
    "product": "Sense",
    "vendor": "HTC",
    "versions": [
      {
        "status": "affected",
        "version": "4.x"
      }
    ]
  }
]

References

www.modzero.ch/modlog/archives/2013/05/28/htcs_e-mail_client_fails_to_verify_server_certificates/

vuldb.com/?id.8900

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

48.7%

JSON

Related for CVE-2013-10001