CVE-2017-2172

Published Jul 7, 2017

Last updated 8 years ago

CVSS medium 6.1

Overview

Description: Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cybozu:kunai:3.0.0:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AF2CE5A-5E23-4BC7-845B-A5AB1AA851D8"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:kunai:3.0.1:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95703DE0-59AE-4DD7-9F4D-01AAB7394CB2"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:kunai:3.0.2:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "259B2682-0893-4100-8E44-096AAA42178E"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:kunai:3.0.3:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0279559D-E349-4A29-85E2-CEB8DB291E1E"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A568C416-2533-4EC6-B1F6-CB099EAC0AB1"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "231CA1DB-E4EA-47CE-B8DF-ACA4C54824BE"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5.1:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50B00EED-5292-4834-B823-23CF3AC0854D"
          },
          {
            "criteria": "cpe:2.3:a:cybozu:kunai:3.0.6:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "307BB9E0-4DFC-4791-A40A-C97096566397"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References