CVE-2022-38163

CWE-451CWE-234 documents4 sources
Severity
3.5LOW
EPSS
0.4%
top 39.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F-secure Safe
Timeline
PublishedNov 7

Description

A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages1 packages

NVDf-secure/safe19.0

🔴Vulnerability Details

2
GHSA
GHSA-x7v7-6r3p-jhgv: WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 2 of 5)2022-11-07
CVEList
CVE-2022-38163: A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 192022-11-07

📋Vendor Advisories

1
CISA
SAP NetWeaver Unrestricted File Upload Vulnerability2022-06-09
CVE-2022-38163 (LOW CVSS 3.5) | A Drag and Drop spoof vulnerability | cvebase.io