Details of VAR-201601-0420

ID

VAR-201601-0420

CVE

CVE-2015-8303

TITLE

Huawei Document Security Management Vulnerabilities in which important information is obtained in software

Trust: 0.8

sources: JVNDB: JVNDB-2015-006753

DESCRIPTION

Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. Huawei DSM is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information which may aid in further attacks. Huawei Document Security Management (DSM) is a set of document rights management software from Huawei, China. The software is characterized by high stability, reliability and scalability. The vulnerability is caused by the clipboard not being cleared correctly when the program closes the security file

Trust: 1.98

sources: NVD: CVE-2015-8303 // JVNDB: JVNDB-2015-006753 // BID: 77821 // VULHUB: VHN-86264

AFFECTED PRODUCTS

vendor:	huawei	model:	document security management	scope:	eq	version:	v100r002c03spc005	Trust: 1.6
vendor:	huawei	model:	dsm	scope:	lt	version:	v100r002c05spc661	Trust: 0.8
vendor:	huawei	model:	dsm v100r002c03spc005	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	dsm v100r002c05spc661	scope:	ne	version:	-	Trust: 0.3

sources: BID: 77821 // JVNDB: JVNDB-2015-006753 // CNNVD: CNNVD-201512-307 // NVD: CVE-2015-8303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8303
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-8303
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201512-307
value:	LOW
Trust: 0.6
VULHUB:	VHN-86264
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-8303
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-86264
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-8303
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-86264 // JVNDB: JVNDB-2015-006753 // CNNVD: CNNVD-201512-307 // NVD: CVE-2015-8303

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-86264 // JVNDB: JVNDB-2015-006753 // NVD: CVE-2015-8303

THREAT TYPE

local

Trust: 0.9

sources: BID: 77821 // CNNVD: CNNVD-201512-307

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006753

PATCH

title:	Huawei-SA-20151118-01-DSM	url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462410.htm	Trust: 0.8
title:	Huawei Document Security Management Fixes for local information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59139	Trust: 0.6

sources: JVNDB: JVNDB-2015-006753 // CNNVD: CNNVD-201512-307

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8303	Trust: 2.8
db:	BID	id:	77821	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-006753	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-307	Trust: 0.7
db:	VULHUB	id:	VHN-86264	Trust: 0.1

sources: VULHUB: VHN-86264 // BID: 77821 // JVNDB: JVNDB-2015-006753 // CNNVD: CNNVD-201512-307 // NVD: CVE-2015-8303

REFERENCES

url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462410.htm	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8303	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8303	Trust: 0.8
url:	http://www.securityfocus.com/bid/77821	Trust: 0.6
url:	http://carrier.huawei.com/en/products/data-communication/network-security/terminal-security/dsm/	Trust: 0.3
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462410.htm	Trust: 0.3

sources: VULHUB: VHN-86264 // BID: 77821 // JVNDB: JVNDB-2015-006753 // CNNVD: CNNVD-201512-307 // NVD: CVE-2015-8303

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 77821

SOURCES

db:	VULHUB	id:	VHN-86264
db:	BID	id:	77821
db:	JVNDB	id:	JVNDB-2015-006753
db:	CNNVD	id:	CNNVD-201512-307
db:	NVD	id:	CVE-2015-8303

LAST UPDATE DATE

2025-04-12T23:35:04.180000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-86264	date:	2016-01-13T00:00:00
db:	BID	id:	77821	date:	2015-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-006753	date:	2016-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201512-307	date:	2016-01-11T00:00:00
db:	NVD	id:	CVE-2015-8303	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-86264	date:	2016-01-08T00:00:00
db:	BID	id:	77821	date:	2015-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-006753	date:	2016-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201512-307	date:	2015-11-18T00:00:00
db:	NVD	id:	CVE-2015-8303	date:	2016-01-08T19:59:12.210