var-201303-0180
Vulnerability from variot
The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. OpenWnn for Android contains an issue in the access permissions for certain files. OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor (IME). OpenWnn for Android contains an issue in the access permissions for certain files. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. OpenWnn for Android is prone to an information-disclosure vulnerability. Successful exploits allow an attacker to gain access to sensitive information. Information obtained may aid in further attacks. OpenWnn for Android 1.3.5 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openwnn",
"scope": "eq",
"trust": 1.6,
"vendor": "omron",
"version": "1.0"
},
{
"model": "openwnn",
"scope": "eq",
"trust": 1.6,
"vendor": "omron",
"version": "1.3.1"
},
{
"model": "openwnn",
"scope": "eq",
"trust": 1.6,
"vendor": "omron",
"version": "1.1"
},
{
"model": "openwnn",
"scope": "eq",
"trust": 1.6,
"vendor": "omron",
"version": "1.2"
},
{
"model": "openwnn",
"scope": "eq",
"trust": 1.6,
"vendor": "omron",
"version": "1.3.3"
},
{
"model": "openwnn",
"scope": "eq",
"trust": 1.6,
"vendor": "omron",
"version": "1.3.2"
},
{
"model": "openwnn",
"scope": "eq",
"trust": 1.6,
"vendor": "omron",
"version": "1.3"
},
{
"model": "openwnn",
"scope": "eq",
"trust": 1.6,
"vendor": "omron",
"version": "1.3.4"
},
{
"model": "openwnn",
"scope": "lte",
"trust": 1.0,
"vendor": "omron",
"version": "1.3.5"
},
{
"model": "openwnn for android",
"scope": "lte",
"trust": 0.8,
"vendor": "omron",
"version": "1.3.5"
},
{
"model": "android omron openwnn",
"scope": "lte",
"trust": 0.6,
"vendor": "omron",
"version": "\u003c=1.3.6"
},
{
"model": "openwnn",
"scope": "eq",
"trust": 0.6,
"vendor": "omron",
"version": "1.3.5"
},
{
"model": "software openwnn for android",
"scope": "eq",
"trust": 0.3,
"vendor": "omron",
"version": "1.3.5"
},
{
"model": "software openwnn for android",
"scope": "ne",
"trust": 0.3,
"vendor": "omron",
"version": "1.3.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openwnn",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openwnn",
"version": "1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openwnn",
"version": "1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openwnn",
"version": "1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openwnn",
"version": "1.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openwnn",
"version": "1.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openwnn",
"version": "1.3.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openwnn",
"version": "1.3.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openwnn",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "05162674-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"db": "BID",
"id": "58784"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-599"
},
{
"db": "NVD",
"id": "CVE-2013-2301"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:omron_2:openwnn",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gaku Mochizuki of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "58784"
}
],
"trust": 0.3
},
"cve": "CVE-2013-2301",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-2301",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2013-000025",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2013-02534",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "05162674-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-62303",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2301",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2013-000025",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2013-02534",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-599",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "05162674-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-62303",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "05162674-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"db": "VULHUB",
"id": "VHN-62303"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-599"
},
{
"db": "NVD",
"id": "CVE-2013-2301"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. OpenWnn for Android contains an issue in the access permissions for certain files. OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor (IME). OpenWnn for Android contains an issue in the access permissions for certain files. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. OpenWnn for Android is prone to an information-disclosure vulnerability. \nSuccessful exploits allow an attacker to gain access to sensitive information. Information obtained may aid in further attacks. \nOpenWnn for Android 1.3.5 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2301"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
},
{
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"db": "BID",
"id": "58784"
},
{
"db": "IVD",
"id": "05162674-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-62303"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2301",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000025",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN01167429",
"trust": 2.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-599",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02534",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN#01167429",
"trust": 0.6
},
{
"db": "BID",
"id": "58784",
"trust": 0.4
},
{
"db": "IVD",
"id": "05162674-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-62303",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "05162674-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"db": "VULHUB",
"id": "VHN-62303"
},
{
"db": "BID",
"id": "58784"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-599"
},
{
"db": "NVD",
"id": "CVE-2013-2301"
}
]
},
"id": "VAR-201303-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "05162674-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"db": "VULHUB",
"id": "VHN-62303"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "05162674-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02534"
}
]
},
"last_update_date": "2024-11-23T23:05:54.315000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OMRON SOFTWARE Co., Ltd. website",
"trust": 0.8,
"url": "https://android.googlesource.com/platform/packages/inputmethods/OpenWnn/+/59aefa242169b7a51c2381daee58ff22fd1834ce/ChangeLog.txt"
},
{
"title": "Android OMRON OpenWnn file permission setting vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/33099"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62303"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
},
{
"db": "NVD",
"id": "CVE-2013-2301"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn01167429/index.html"
},
{
"trust": 2.0,
"url": "https://android.googlesource.com/platform/packages/inputmethods/openwnn/+/59aefa242169b7a51c2381daee58ff22fd1834ce/changelog.txt"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn01167429/995309/index.html"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000025"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2301"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2301"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000025.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"db": "VULHUB",
"id": "VHN-62303"
},
{
"db": "BID",
"id": "58784"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-599"
},
{
"db": "NVD",
"id": "CVE-2013-2301"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "05162674-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"db": "VULHUB",
"id": "VHN-62303"
},
{
"db": "BID",
"id": "58784"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-599"
},
{
"db": "NVD",
"id": "CVE-2013-2301"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-02T00:00:00",
"db": "IVD",
"id": "05162674-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"date": "2013-03-29T00:00:00",
"db": "VULHUB",
"id": "VHN-62303"
},
{
"date": "2013-03-29T00:00:00",
"db": "BID",
"id": "58784"
},
{
"date": "2013-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000025"
},
{
"date": "2013-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-599"
},
{
"date": "2013-03-29T16:09:05.990000",
"db": "NVD",
"id": "CVE-2013-2301"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02534"
},
{
"date": "2013-03-29T00:00:00",
"db": "VULHUB",
"id": "VHN-62303"
},
{
"date": "2013-03-29T00:00:00",
"db": "BID",
"id": "58784"
},
{
"date": "2013-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000025"
},
{
"date": "2013-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-599"
},
{
"date": "2024-11-21T01:51:25.590000",
"db": "NVD",
"id": "CVE-2013-2301"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-599"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenWnn for Android vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000025"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-599"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…