cvelistv5 - cve-2013-4763

cve-2013-4763

Vulnerability from cvelistv5

Published

2019-12-27 16:08

Modified

2024-08-06 16:52

Severity ?

Summary

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html	Broken Link, Third Party Advisory
cve@mitre.org	https://www.securityfocus.com/bid/61280	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.securityfocus.com/bid/61280	Broken Link, Third Party Advisory, VDB Entry

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:27.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/61280"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-27T16:08:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securityfocus.com/bid/61280"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4763",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html",
              "refsource": "MISC",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
            },
            {
              "name": "https://www.securityfocus.com/bid/61280",
              "refsource": "MISC",
              "url": "https://www.securityfocus.com/bid/61280"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4763",
    "datePublished": "2019-12-27T16:08:15",
    "dateReserved": "2013-07-05T00:00:00",
    "dateUpdated": "2024-08-06T16:52:27.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:galaxy_s3_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E17ACF33-BA4B-4FD4-811F-4AD860C016E7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A294254-1687-4340-BF07-06373FBFC072\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5612A23E-43B3-4B13-89C1-6178C1737DAB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"717D895C-E64D-4E0E-9F4A-9B191E6388B6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.\"}, {\"lang\": \"es\", \"value\": \"Samsung Galaxy S3/S4 expone un componente desprotegido que permite mensajes de texto SMS arbitrarios sin solicitar permiso\"}]",
      "id": "CVE-2013-4763",
      "lastModified": "2024-11-21T01:56:20.417",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-27T17:15:15.297",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\"]}, {\"url\": \"https://www.securityfocus.com/bid/61280\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\"]}, {\"url\": \"https://www.securityfocus.com/bid/61280\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-4763\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-27T17:15:15.297\",\"lastModified\":\"2024-11-21T01:56:20.417\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.\"},{\"lang\":\"es\",\"value\":\"Samsung Galaxy S3/S4 expone un componente desprotegido que permite mensajes de texto SMS arbitrarios sin solicitar permiso\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:galaxy_s3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E17ACF33-BA4B-4FD4-811F-4AD860C016E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A294254-1687-4340-BF07-06373FBFC072\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5612A23E-43B3-4B13-89C1-6178C1737DAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"717D895C-E64D-4E0E-9F4A-9B191E6388B6\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://www.securityfocus.com/bid/61280\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://www.securityfocus.com/bid/61280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

ghsa-j55q-pc37-x3wm

Vulnerability from github

Published

2022-05-05 00:29

Modified

2024-04-03 23:57

Severity ?

4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-4763"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-27T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.",
  "id": "GHSA-j55q-pc37-x3wm",
  "modified": "2024-04-03T23:57:41Z",
  "published": "2022-05-05T00:29:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4763"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/bid/61280"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. Samsung Galaxy S3/S4 Contains an improper default permissions vulnerability.Information may be altered. The Samsung Galaxy S3 and S4 are prone to a local security-bypass vulnerability. An attacker with local physical access to a device can exploit this issue to bypass certain security restriction and perform unauthorized actions. Hi list, I would like to inform you that the details of the vulnerability in built-in system app of Samsung Galaxy S3/S4 (assigned as CVE-2013-4763 and CVE-2013-4764) are now disclosed to public. By exploiting these unprotected components, an unprivileged app can trigger a so-called \x93restore\x94 operation to write SMS messages back to the standard SMS database file (mmssms.db) used by the system messaging app, i.e., SecMms.apk. Similarly, fake MMS messages and call logs are also possible. This vulnerability has been disclosed in CVE-2013-4763.

Also, these components can be sequentially triggered in a specific order to create arbitrary SMS content, inject to system-wide SMS database, and then trigger the built-in SMS-sending behavior (to arbitrary destination). This vulnerability has been disclosed in CVE-2013-4764.

QIHU Inc. discovered these vulnerability and informed Samsung Corp. in June 10, 2013. Samsung confirmed the vulerability and is now preparing an OTA update. As a temporary workaround, disable the sCloudBackupProvider.apk app would help block known attack vectors.

Details of CVE-2013-4763 and CVE-2013-4764 can be also found in QIHU Inc.'s official site: http://shouji.360.cn/securityReportlist/CVE-2013-4763.html http://shouji.360.cn/securityReportlist/CVE-2013-4764.html

Regards, Z.X. from QIHU Inc

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1596",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "galaxy s3",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s3",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "galaxy s iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "scloudbackupprovider.apk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "jdsingle76",
        "version": "1.4"
      },
      {
        "model": "scloudbackupprovider.apk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "jdsingle76",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1173"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s3_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4763"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Z.X. of QIHU Inc.",
    "sources": [
      {
        "db": "BID",
        "id": "61280"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-4763",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-4763",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.6,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-4763",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-4763",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-1173",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1173"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. Samsung Galaxy S3/S4 Contains an improper default permissions vulnerability.Information may be altered. The Samsung Galaxy S3 and S4 are prone to a local security-bypass vulnerability. \nAn attacker with local physical access to a device can exploit this issue to bypass certain security restriction and perform unauthorized actions. Hi list,\nI would like to inform you that the details of the vulnerability in\nbuilt-in system app of Samsung Galaxy S3/S4 (assigned as CVE-2013-4763\nand CVE-2013-4764) are now disclosed to public. By exploiting these unprotected components, an\nunprivileged app can trigger a so-called \\x93restore\\x94 operation to write\nSMS messages back to the standard SMS database file (mmssms.db) used\nby the system messaging app, i.e., SecMms.apk. Similarly, fake MMS messages and call logs are also\npossible. This vulnerability has been disclosed in CVE-2013-4763. \n\nAlso, these components can be sequentially triggered in a specific\norder to create arbitrary SMS content, inject to system-wide SMS\ndatabase, and then trigger the built-in SMS-sending behavior (to\narbitrary destination). This vulnerability has been disclosed in\nCVE-2013-4764. \n\nQIHU Inc. discovered these vulnerability and informed Samsung Corp. in\nJune 10, 2013. Samsung confirmed the vulerability and is now preparing\nan OTA update. As a temporary workaround, disable the\nsCloudBackupProvider.apk app would help block known attack vectors. \n\nDetails of CVE-2013-4763 and CVE-2013-4764 can be also found in QIHU\nInc.\u0027s official site:\nhttp://shouji.360.cn/securityReportlist/CVE-2013-4763.html\nhttp://shouji.360.cn/securityReportlist/CVE-2013-4764.html\n\nRegards,\nZ.X. from QIHU Inc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      },
      {
        "db": "BID",
        "id": "61280"
      },
      {
        "db": "PACKETSTORM",
        "id": "122428"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-4763",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "61280",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1173",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "122428",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      },
      {
        "db": "PACKETSTORM",
        "id": "122428"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1173"
      }
    ]
  },
  "id": "VAR-201912-1596",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.7951389
  },
  "last_update_date": "2023-12-18T13:37:59.886000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.samsung.com/global/galaxy/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4763"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.securityfocus.com/bid/61280"
      },
      {
        "trust": 1.6,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4763"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4763"
      },
      {
        "trust": 0.3,
        "url": "http://www.samsung.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.androidfilehost.com/?fid=13858035414129967185"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2013/jul/107"
      },
      {
        "trust": 0.1,
        "url": "http://shouji.360.cn/securityreportlist/cve-2013-4764.html"
      },
      {
        "trust": 0.1,
        "url": "http://shouji.360.cn/securityreportlist/cve-2013-4763.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4764"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      },
      {
        "db": "PACKETSTORM",
        "id": "122428"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1173"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "61280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      },
      {
        "db": "PACKETSTORM",
        "id": "122428"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4763"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1173"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-17T00:00:00",
        "db": "BID",
        "id": "61280"
      },
      {
        "date": "2020-01-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      },
      {
        "date": "2013-07-17T00:10:22",
        "db": "PACKETSTORM",
        "id": "122428"
      },
      {
        "date": "2019-12-27T17:15:15.297000",
        "db": "NVD",
        "id": "CVE-2013-4763"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-1173"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-17T00:00:00",
        "db": "BID",
        "id": "61280"
      },
      {
        "date": "2020-01-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      },
      {
        "date": "2020-01-10T13:48:57.043000",
        "db": "NVD",
        "id": "CVE-2013-4763"
      },
      {
        "date": "2020-01-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-1173"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "61280"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung Galaxy S3/S4 Inadequate default permissions vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007051"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1173"
      }
    ],
    "trust": 0.6
  }
}

gsd-2013-4763

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.

Aliases

CVE-2013-4763

Aliases

CVE-2013-4763

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4763",
    "description": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.",
    "id": "GSD-2013-4763"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-4763"
      ],
      "details": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.",
      "id": "GSD-2013-4763",
      "modified": "2023-12-13T01:22:16.658420Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-4763",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html",
            "refsource": "MISC",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
          },
          {
            "name": "https://www.securityfocus.com/bid/61280",
            "refsource": "MISC",
            "url": "https://www.securityfocus.com/bid/61280"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s3_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4763"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.securityfocus.com/bid/61280",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.securityfocus.com/bid/61280"
            },
            {
              "name": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-01-10T13:48Z",
      "publishedDate": "2019-12-27T17:15Z"
    }
  }
}

cve-2013-4763

Vulnerability from fkie_nvd

Published

2019-12-27 17:15

Modified

2024-11-21 01:56

Severity ?

4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html	Broken Link, Third Party Advisory
cve@mitre.org	https://www.securityfocus.com/bid/61280	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.securityfocus.com/bid/61280	Broken Link, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
samsung	galaxy_s3_firmware	-
samsung	galaxy_s3	-
samsung	galaxy_s4_firmware	-
samsung	galaxy_s4	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_s3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E17ACF33-BA4B-4FD4-811F-4AD860C016E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A294254-1687-4340-BF07-06373FBFC072",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5612A23E-43B3-4B13-89C1-6178C1737DAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "717D895C-E64D-4E0E-9F4A-9B191E6388B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission."
    },
    {
      "lang": "es",
      "value": "Samsung Galaxy S3/S4 expone un componente desprotegido que permite mensajes de texto SMS arbitrarios sin solicitar permiso"
    }
  ],
  "id": "CVE-2013-4763",
  "lastModified": "2024-11-21T01:56:20.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-27T17:15:15.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/61280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/61280"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2013-4763

Vulnerability from cvelistv5

ghsa-j55q-pc37-x3wm

Vulnerability from github

var-201912-1596

Vulnerability from variot

gsd-2013-4763

Vulnerability from gsd

cve-2013-4763

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature