Details of VAR-201912-0107

ID

VAR-201912-0107

CVE

CVE-2019-8791

TITLE

Shazam Android and Shazam iOS In the application URL Scheme analysis vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013751

DESCRIPTION

An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect. Shazam is a music playback application. The program has functions such as music recognition and playback

Trust: 1.8

sources: NVD: CVE-2019-8791 // JVNDB: JVNDB-2019-013751 // VULHUB: VHN-160226 // VULMON: CVE-2019-8791

AFFECTED PRODUCTS

vendor:	apple	model:	shazam	scope:	lt	version:	9.25.0	Trust: 1.0
vendor:	apple	model:	shazam	scope:	lt	version:	12.11.0	Trust: 1.0
vendor:	apple	model:	shazam	scope:	lt	version:	12.11.0 (ios 10 or later )	Trust: 0.8
vendor:	apple	model:	shazam	scope:	lt	version:	9.25.0 (android : 9.24.1)	Trust: 0.8

sources: JVNDB: JVNDB-2019-013751 // NVD: CVE-2019-8791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8791
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-8791
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201912-855
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-160226
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-8791
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8791
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-160226
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8791
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2019-8791
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-160226 // VULMON: CVE-2019-8791 // JVNDB: JVNDB-2019-013751 // CNNVD: CNNVD-201912-855 // NVD: CVE-2019-8791

PROBLEMTYPE DATA

problemtype:

CWE-601

Trust: 1.9

sources: VULHUB: VHN-160226 // JVNDB: JVNDB-2019-013751 // NVD: CVE-2019-8791

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-855

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-855

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013751

PATCH

title:	HT210744	url:	https://support.apple.com/en-us/HT210744	Trust: 0.8
title:	HT210745	url:	https://support.apple.com/en-us/HT210745	Trust: 0.8
title:	HT210744	url:	https://support.apple.com/ja-jp/HT210744	Trust: 0.8
title:	HT210745	url:	https://support.apple.com/ja-jp/HT210745	Trust: 0.8
title:	Shazam Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106372	Trust: 0.6
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1

sources: VULMON: CVE-2019-8791 // JVNDB: JVNDB-2019-013751 // CNNVD: CNNVD-201912-855

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8791	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-013751	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-855	Trust: 0.7
db:	CNVD	id:	CNVD-2020-03586	Trust: 0.1
db:	VULHUB	id:	VHN-160226	Trust: 0.1
db:	VULMON	id:	CVE-2019-8791	Trust: 0.1

sources: VULHUB: VHN-160226 // VULMON: CVE-2019-8791 // JVNDB: JVNDB-2019-013751 // CNNVD: CNNVD-201912-855 // NVD: CVE-2019-8791

REFERENCES

url:	https://support.apple.com/ht210744	Trust: 1.8
url:	https://support.apple.com/ht210745	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8791	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8791	Trust: 0.8
url:	https://support.apple.com/en-us/ht210745	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/601.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/developer3000s/poc-in-github	Trust: 0.1

sources: VULHUB: VHN-160226 // VULMON: CVE-2019-8791 // JVNDB: JVNDB-2019-013751 // CNNVD: CNNVD-201912-855 // NVD: CVE-2019-8791

SOURCES

db:	VULHUB	id:	VHN-160226
db:	VULMON	id:	CVE-2019-8791
db:	JVNDB	id:	JVNDB-2019-013751
db:	CNNVD	id:	CNNVD-201912-855
db:	NVD	id:	CVE-2019-8791

LAST UPDATE DATE

2024-11-23T22:55:20.257000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160226	date:	2020-01-02T00:00:00
db:	VULMON	id:	CVE-2019-8791	date:	2020-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-013751	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-855	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2019-8791	date:	2024-11-21T04:50:28.923

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160226	date:	2019-12-18T00:00:00
db:	VULMON	id:	CVE-2019-8791	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-013751	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-855	date:	2019-12-18T00:00:00
db:	NVD	id:	CVE-2019-8791	date:	2019-12-18T18:15:41.647