Sign-up

ID

VAR-202205-0306


CVE

CVE-2022-27875


TITLE

Access for Android  Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010585

DESCRIPTION

On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Access for Android There is a vulnerability related to information leakage.Information may be obtained. F5 Access is the use of VPN and optimization technology of F5 Corporation in the United States to protect and accelerate mobile devices' access to corporate networks and applications

Trust: 1.8

sources: NVD: CVE-2022-27875 // JVNDB: JVNDB-2022-010585 // VULHUB: VHN-419890 // VULMON: CVE-2022-27875

AFFECTED PRODUCTS

vendor:f5model:access for androidscope:gteversion:3.0.6

Trust: 1.0

vendor:f5model:access for androidscope:ltversion:3.0.8

Trust: 1.0

vendor:f5model:access for androidscope:eqversion:3.0.8

Trust: 0.8

vendor:f5model:access for androidscope: - version: -

Trust: 0.8

vendor:f5model:access for androidscope:ltversion:3.x

Trust: 0.8

vendor:f5model:access for androidscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010585 // NVD: CVE-2022-27875

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-27875
value: MEDIUM

Trust: 1.0

f5sirt@f5.com: CVE-2022-27875
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-27875
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202205-2480
value: MEDIUM

Trust: 0.6

VULHUB: VHN-419890
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-27875
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-27875
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-419890
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-27875
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-010585
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-419890 // VULMON: CVE-2022-27875 // JVNDB: JVNDB-2022-010585 // CNNVD: CNNVD-202205-2480 // NVD: CVE-2022-27875 // NVD: CVE-2022-27875

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

sources: VULHUB: VHN-419890 // JVNDB: JVNDB-2022-010585 // NVD: CVE-2022-27875

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-2480

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202205-2480

PATCH

title:K40019131url:https://support.f5.com/csp/article/K40019131

Trust: 0.8

title:F5 Access for Android Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191596

Trust: 0.6

sources: JVNDB: JVNDB-2022-010585 // CNNVD: CNNVD-202205-2480

EXTERNAL IDS

db:NVDid:CVE-2022-27875

Trust: 3.4

db:JVNDBid:JVNDB-2022-010585

Trust: 0.8

db:CS-HELPid:SB2022050519

Trust: 0.6

db:CNNVDid:CNNVD-202205-2480

Trust: 0.6

db:CNVDid:CNVD-2022-74971

Trust: 0.1

db:VULHUBid:VHN-419890

Trust: 0.1

db:VULMONid:CVE-2022-27875

Trust: 0.1

sources: VULHUB: VHN-419890 // VULMON: CVE-2022-27875 // JVNDB: JVNDB-2022-010585 // CNNVD: CNNVD-202205-2480 // NVD: CVE-2022-27875

REFERENCES

url:https://support.f5.com/csp/article/k40019131

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-27875

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-27875/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022050519

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-419890 // VULMON: CVE-2022-27875 // JVNDB: JVNDB-2022-010585 // CNNVD: CNNVD-202205-2480 // NVD: CVE-2022-27875

SOURCES

db:VULHUBid:VHN-419890
db:VULMONid:CVE-2022-27875
db:JVNDBid:JVNDB-2022-010585
db:CNNVDid:CNNVD-202205-2480
db:NVDid:CVE-2022-27875

LAST UPDATE DATE

2024-11-23T23:10:54.096000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-419890date:2022-05-12T00:00:00
db:VULMONid:CVE-2022-27875date:2022-05-12T00:00:00
db:JVNDBid:JVNDB-2022-010585date:2023-08-16T03:03:00
db:CNNVDid:CNNVD-202205-2480date:2022-05-13T00:00:00
db:NVDid:CVE-2022-27875date:2024-11-21T06:56:23.360

SOURCES RELEASE DATE

db:VULHUBid:VHN-419890date:2022-05-05T00:00:00
db:VULMONid:CVE-2022-27875date:2022-05-05T00:00:00
db:JVNDBid:JVNDB-2022-010585date:2023-08-16T00:00:00
db:CNNVDid:CNNVD-202205-2480date:2022-05-05T00:00:00
db:NVDid:CVE-2022-27875date:2022-05-05T17:15:13.683