cve-2022-28868
Vulnerability from cvelistv5
Published
2022-04-15 10:21
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F-Secure | F-Secure Mobile Security |
Version: 18.6 < All Version |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Android"
],
"product": "F-Secure Mobile Security",
"vendor": "F-Secure",
"versions": [
{
"lessThan": "All Version ",
"status": "affected",
"version": "18.6",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-15T10:21:09",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28868"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX: A fix has been released in the automatic update channel since 13th, April 2022. No user action is required."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28868",
"STATE": "PUBLIC",
"TITLE": "Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure Mobile Security",
"version": {
"version_data": [
{
"platform": "Android",
"version_affected": "\u003c",
"version_name": "18.6",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/home/support/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/home/support/security-advisories"
},
{
"name": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28868",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28868"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX: A fix has been released in the automatic update channel since 13th, April 2022. No user action is required."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28868",
"datePublished": "2022-04-15T10:21:09",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-28868\",\"sourceIdentifier\":\"cve-notifications-us@f-secure.com\",\"published\":\"2022-04-15T11:15:07.727\",\"lastModified\":\"2024-11-21T06:58:05.897\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad de suplantaci\u00f3n de la barra de direcciones en Safe Browser para Android. Cuando el usuario hace clic en una p\u00e1gina web/URL maliciosa especialmente dise\u00f1ada, el usuario puede ser enga\u00f1ado durante un corto per\u00edodo de tiempo (hasta que la p\u00e1gina es cargada) para pensar que el contenido puede venir de un dominio v\u00e1lido, mientras que el contenido proviene del sitio controlado por el atacante\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-notifications-us@f-secure.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:safe:*:*:*:*:*:android:*:*\",\"versionEndIncluding\":\"18.6\",\"matchCriteriaId\":\"82709386-E1D2-4681-9CC2-26329E97C843\"}]}]}],\"references\":[{\"url\":\"https://www.f-secure.com/en/home/support/security-advisories\",\"source\":\"cve-notifications-us@f-secure.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28868\",\"source\":\"cve-notifications-us@f-secure.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.f-secure.com/en/home/support/security-advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.