Search criteria
2 vulnerabilities found for Jovi Smart Scene by vivo
CVE-2020-12488 (GCVE-0-2020-12488)
Vulnerability from cvelistv5 – Published: 2021-11-10 15:49 – Updated: 2024-09-16 22:25
VLAI?
Title
Broken Access Control Vulnerability in Jovi Smart Scene
Summary
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.
Severity ?
5.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | Jovi Smart Scene |
Affected:
6.2.2.52 , < all
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jovi Smart Scene",
"vendor": "vivo",
"versions": [
{
"lessThan": "all",
"status": "affected",
"version": "6.2.2.52",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:49:58",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control Vulnerability in Jovi Smart Scene",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vivo.com",
"DATE_PUBLIC": "2021-03-23T16:00:00.000Z",
"ID": "CVE-2020-12488",
"STATE": "PUBLIC",
"TITLE": "Broken Access Control Vulnerability in Jovi Smart Scene"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jovi Smart Scene",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.2.2.52",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "vivo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivo.com/en/support/security-advisory-detail?id=5",
"refsource": "CONFIRM",
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2020-12488",
"datePublished": "2021-11-10T15:49:58.016162Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T22:25:02.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12488 (GCVE-0-2020-12488)
Vulnerability from nvd – Published: 2021-11-10 15:49 – Updated: 2024-09-16 22:25
VLAI?
Title
Broken Access Control Vulnerability in Jovi Smart Scene
Summary
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.
Severity ?
5.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | Jovi Smart Scene |
Affected:
6.2.2.52 , < all
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jovi Smart Scene",
"vendor": "vivo",
"versions": [
{
"lessThan": "all",
"status": "affected",
"version": "6.2.2.52",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:49:58",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control Vulnerability in Jovi Smart Scene",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vivo.com",
"DATE_PUBLIC": "2021-03-23T16:00:00.000Z",
"ID": "CVE-2020-12488",
"STATE": "PUBLIC",
"TITLE": "Broken Access Control Vulnerability in Jovi Smart Scene"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jovi Smart Scene",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.2.2.52",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "vivo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivo.com/en/support/security-advisory-detail?id=5",
"refsource": "CONFIRM",
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2020-12488",
"datePublished": "2021-11-10T15:49:58.016162Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T22:25:02.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}