CVE-2015-5207Improper Access Control in Apache Cordova

CWE-254CWE-284Improper Access Control3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 65.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Cordova
Timeline
PublishedMay 9
Latest updateMay 14

Description

Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages1 packages

NVDapache/cordova3.9.1

🔴Vulnerability Details

2
GHSA
GHSA-mv57-p7w6-3hwg: Apache Cordova iOS before 42022-05-14
CVEList
CVE-2015-5207: Apache Cordova iOS before 42016-05-09
CVE-2015-5207 — Improper Access Control in Apache | cvebase