CVE-2024-46939

The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files

CVSS

No CVSS.

References

Link	Resource
https://www.vivo.com/en/support/security-advisory-detail?id=13

Configurations

No configuration.

History

No history.

Information

Published : 2024-11-28 04:15

Updated : 2024-11-28 04:15

NVD link : CVE-2024-46939

Mitre link : CVE-2024-46939

CVE.ORG link : CVE-2024-46939

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-46939", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@vivo.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "AUTOMATIC", "baseScore": 2.4, "automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-28T04:15:03.987", "references": [{"url": "https://www.vivo.com/en/support/security-advisory-detail?id=13", "source": "security@vivo.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@vivo.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite\u00a0local specific files"}, {"lang": "es", "value": "El motor de extensi\u00f3n del juego de las versiones 1.2.7.0 y anteriores expone algunos componentes y los atacantes pueden construir par\u00e1metros para realizar ataques de path traversal, que pueden sobrescribir archivos locales espec\u00edficos."}], "lastModified": "2024-11-28T04:15:03.987", "sourceIdentifier": "security@vivo.com"}

CVE-2024-46939

JSON object

Attach tags to CVE-2024-46939

Attach tags to `CVE-2024-46939`