Sign-up

ID

VAR-201303-0180


CVE

CVE-2013-2301


TITLE

OpenWnn for Android vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2013-000025

DESCRIPTION

The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. OpenWnn for Android contains an issue in the access permissions for certain files. OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor (IME). OpenWnn for Android contains an issue in the access permissions for certain files. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. OpenWnn for Android is prone to an information-disclosure vulnerability. Successful exploits allow an attacker to gain access to sensitive information. Information obtained may aid in further attacks. OpenWnn for Android 1.3.5 and prior are vulnerable

Trust: 2.7

sources: NVD: CVE-2013-2301 // JVNDB: JVNDB-2013-000025 // CNVD: CNVD-2013-02534 // BID: 58784 // IVD: 05162674-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-62303

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 05162674-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02534

AFFECTED PRODUCTS

vendor:omronmodel:openwnnscope:eqversion:1.0

Trust: 1.6

vendor:omronmodel:openwnnscope:eqversion:1.3.1

Trust: 1.6

vendor:omronmodel:openwnnscope:eqversion:1.1

Trust: 1.6

vendor:omronmodel:openwnnscope:eqversion:1.2

Trust: 1.6

vendor:omronmodel:openwnnscope:eqversion:1.3.3

Trust: 1.6

vendor:omronmodel:openwnnscope:eqversion:1.3.2

Trust: 1.6

vendor:omronmodel:openwnnscope:eqversion:1.3

Trust: 1.6

vendor:omronmodel:openwnnscope:eqversion:1.3.4

Trust: 1.6

vendor:omronmodel:openwnnscope:lteversion:1.3.5

Trust: 1.0

vendor:omronmodel:openwnn for androidscope:lteversion:1.3.5

Trust: 0.8

vendor:omronmodel:android omron openwnnscope:lteversion:<=1.3.6

Trust: 0.6

vendor:omronmodel:openwnnscope:eqversion:1.3.5

Trust: 0.6

vendor:omronmodel:software openwnn for androidscope:eqversion:1.3.5

Trust: 0.3

vendor:omronmodel:software openwnn for androidscope:neversion:1.3.6

Trust: 0.3

vendor:openwnnmodel: - scope:eqversion:1.0

Trust: 0.2

vendor:openwnnmodel: - scope:eqversion:1.1

Trust: 0.2

vendor:openwnnmodel: - scope:eqversion:1.2

Trust: 0.2

vendor:openwnnmodel: - scope:eqversion:1.3

Trust: 0.2

vendor:openwnnmodel: - scope:eqversion:1.3.1

Trust: 0.2

vendor:openwnnmodel: - scope:eqversion:1.3.2

Trust: 0.2

vendor:openwnnmodel: - scope:eqversion:1.3.3

Trust: 0.2

vendor:openwnnmodel: - scope:eqversion:1.3.4

Trust: 0.2

vendor:openwnnmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 05162674-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02534 // BID: 58784 // JVNDB: JVNDB-2013-000025 // CNNVD: CNNVD-201303-599 // NVD: CVE-2013-2301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2301
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2013-000025
value: LOW

Trust: 0.8

CNVD: CNVD-2013-02534
value: LOW

Trust: 0.6

CNNVD: CNNVD-201303-599
value: MEDIUM

Trust: 0.6

IVD: 05162674-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-62303
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-2301
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2013-000025
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-02534
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 05162674-2353-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-62303
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 05162674-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02534 // VULHUB: VHN-62303 // JVNDB: JVNDB-2013-000025 // CNNVD: CNNVD-201303-599 // NVD: CVE-2013-2301

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-62303 // JVNDB: JVNDB-2013-000025 // NVD: CVE-2013-2301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-599

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201303-599

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-000025

PATCH
title:OMRON SOFTWARE Co., Ltd. websiteurl:https://android.googlesource.com/platform/packages/inputmethods/OpenWnn/+/59aefa242169b7a51c2381daee58ff22fd1834ce/ChangeLog.txt
Trust: 0.8
title:Android OMRON OpenWnn file permission setting vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/33099
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-02534 // 
            
            
            
            JVNDB: JVNDB-2013-000025

EXTERNAL IDS
db:NVDid:CVE-2013-2301
Trust: 3.6
db:JVNDBid:JVNDB-2013-000025
Trust: 3.1
db:JVNid:JVN01167429
Trust: 2.8
db:CNNVDid:CNNVD-201303-599
Trust: 0.9
db:CNVDid:CNVD-2013-02534
Trust: 0.8
db:JVNid:JVN#01167429
Trust: 0.6
db:BIDid:58784
Trust: 0.4
db:IVDid:05162674-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-62303
Trust: 0.1
sources:
            
            
            IVD: 05162674-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-02534 // 
            
            
            
            VULHUB: VHN-62303 // 
            
            
            
            BID: 58784 // 
            
            
            
            JVNDB: JVNDB-2013-000025 // 
            
            
            
            CNNVD: CNNVD-201303-599 // 
            
            
            
            NVD: CVE-2013-2301

REFERENCES
url:http://jvn.jp/en/jp/jvn01167429/index.html
Trust: 2.8
url:https://android.googlesource.com/platform/packages/inputmethods/openwnn/+/59aefa242169b7a51c2381daee58ff22fd1834ce/changelog.txt
Trust: 2.0
url:http://jvn.jp/en/jp/jvn01167429/995309/index.html
Trust: 1.7
url:http://jvndb.jvn.jp/jvndb/jvndb-2013-000025
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2301
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2301
Trust: 0.8
url:http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000025.html
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-02534 // 
            
            
            
            VULHUB: VHN-62303 // 
            
            
            
            BID: 58784 // 
            
            
            
            JVNDB: JVNDB-2013-000025 // 
            
            
            
            CNNVD: CNNVD-201303-599 // 
            
            
            
            NVD: CVE-2013-2301

CREDITS
Gaku Mochizuki of Mitsui Bussan Secure Directions
Trust: 0.3
sources:
            
            
            BID: 58784

SOURCES
db:IVDid:05162674-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-02534
db:VULHUBid:VHN-62303
db:BIDid:58784
db:JVNDBid:JVNDB-2013-000025
db:CNNVDid:CNNVD-201303-599
db:NVDid:CVE-2013-2301

LAST UPDATE DATE
2025-04-11T23:14:43.923000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-02534date:2013-04-02T00:00:00
db:VULHUBid:VHN-62303date:2013-03-29T00:00:00
db:BIDid:58784date:2013-03-29T00:00:00
db:JVNDBid:JVNDB-2013-000025date:2013-03-29T00:00:00
db:CNNVDid:CNNVD-201303-599date:2013-04-01T00:00:00
db:NVDid:CVE-2013-2301date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:05162674-2353-11e6-abef-000c29c66e3ddate:2013-04-02T00:00:00
db:CNVDid:CNVD-2013-02534date:2013-04-02T00:00:00
db:VULHUBid:VHN-62303date:2013-03-29T00:00:00
db:BIDid:58784date:2013-03-29T00:00:00
db:JVNDBid:JVNDB-2013-000025date:2013-03-29T00:00:00
db:CNNVDid:CNNVD-201303-599date:2013-03-29T00:00:00
db:NVDid:CVE-2013-2301date:2013-03-29T16:09:05.990