CVE-2019-15367
Tableau XML Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
El dispositivo Haier P10 Android con una huella digital de compilación de Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys, contiene una aplicación preinstalada con un nombre de paquete de aplicación com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0), que permite a cualquier aplicación ubicada en el dispositivo modificar una propiedad del sistema por medio de una interfaz exportada sin la autorización adecuada
Tableau suffers from an XML external entity injection vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-22 CVE Reserved
- 2019-08-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.kryptowire.com/android-firmware-2019 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Haier Search vendor "Haier" | P10 Firmware Search vendor "Haier" for product "P10 Firmware" | - | - |
Affected
| in | Haier Search vendor "Haier" | P10 Search vendor "Haier" for product "P10" | - | - |
Safe
|