CVE-2022-28868

{"id": "CVE-2022-28868", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve-notifications-us@f-secure.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}]}, "published": "2022-04-15T11:15:07.727", "references": [{"url": "https://www.f-secure.com/en/home/support/security-advisories", "tags": ["Vendor Advisory"], "source": "cve-notifications-us@f-secure.com"}, {"url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28868", "tags": ["Vendor Advisory"], "source": "cve-notifications-us@f-secure.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de suplantaci\u00f3n de la barra de direcciones en Safe Browser para Android. Cuando el usuario hace clic en una p\u00e1gina web/URL maliciosa especialmente dise\u00f1ada, el usuario puede ser enga\u00f1ado durante un corto per\u00edodo de tiempo (hasta que la p\u00e1gina es cargada) para pensar que el contenido puede venir de un dominio v\u00e1lido, mientras que el contenido proviene del sitio controlado por el atacante"}], "lastModified": "2022-04-26T17:30:58.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:safe:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "82709386-E1D2-4681-9CC2-26329E97C843", "versionEndIncluding": "18.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve-notifications-us@f-secure.com"}