Lucene search

NaverCVE-2021-33593

HistoryNov 02, 2021 - 7:15 a.m.

CVE-2021-33593

2021-11-0207:15:07

CWE-451

naver

web.nvd.nist.gov

whale browser

ios

1.14.0

inconsistent user interface

address bar spoofing

cve-2021-33593

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

27.9%

JSON

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.

Affected configurations

Nvd

Node

navercorpwhaleRange<1.14.0iphone_os

VendorProductVersionCPE
navercorpwhale*cpe:2.3:a:navercorp:whale:*:*:*:*:*:iphone_os:*:*

Vendor	Product	Version	CPE
navercorp	whale	*	cpe:2.3:a:navercorp:whale::::::iphone_os::*

CNA Affected

[
  {
    "product": "NAVER Whale browser",
    "vendor": "NAVER",
    "versions": [
      {
        "lessThan": "1.14.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

cve.naver.com/detail/cve-2021-43059

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

27.9%

JSON

Related for CVE-2021-33593