Lucene search

[email protected]CVE-2023-46756

HistoryNov 08, 2023 - 11:15 a.m.

CVE-2023-46756

2023-11-0811:15:08

[email protected]

web.nvd.nist.gov

cve-2023-46756

permission control

vulnerability

window management module

pop-up windows

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

Affected configurations

NVD

Node

huaweiharmonyosMatch2.0.0

huaweiharmonyosMatch2.0.1

huaweiharmonyosMatch2.1.0

huaweiharmonyosMatch3.0.0

huaweiharmonyosMatch3.1.0

huaweiharmonyosMatch4.0.0

Node

huaweiemuiMatch11.0.1

huaweiemuiMatch12.0.0

huaweiemuiMatch12.0.1

huaweiemuiMatch13.0.0

CPENameOperatorVersion
huawei:harmonyoshuawei harmonyoseq2.0.0
huawei:harmonyoshuawei harmonyoseq2.0.1
huawei:harmonyoshuawei harmonyoseq2.1.0
huawei:harmonyoshuawei harmonyoseq3.0.0
huawei:harmonyoshuawei harmonyoseq3.1.0
huawei:harmonyoshuawei harmonyoseq4.0.0

CPE	Name	Operator	Version
huawei:harmonyos	huawei harmonyos	eq	2.0.0
huawei:harmonyos	huawei harmonyos	eq	2.0.1
huawei:harmonyos	huawei harmonyos	eq	2.1.0
huawei:harmonyos	huawei harmonyos	eq	3.0.0
huawei:harmonyos	huawei harmonyos	eq	3.1.0
huawei:harmonyos	huawei harmonyos	eq	4.0.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "2.1.0"
      },
      {
        "status": "affected",
        "version": "2.0.1"
      },
      {
        "status": "affected",
        "version": "2.0.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.1"
      },
      {
        "status": "affected",
        "version": "12.0.0"
      },
      {
        "status": "affected",
        "version": "11.0.1"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2023/11/

device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-46756

prion1 nvd1 cvelist1 cnvd1