CVE-2010-0113 - Vulnerability Details - OpenCVE

The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00445.

Key SSVC decision points have not yet been added.

Vendors	Products
Google Subscribe	Android Subscribe
Symantec Subscribe	Mobile Security Subscribe

Configuration 1 [-]

AND

cpe:2.3:a:symantec:mobile_security:1.0:beta:*:*:*:*:*:*

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2010-0145	The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/69253
http://www.securityfocus.com/bid/44767
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00
http://www.vupen.com/english/advisories/2010/2982
https://exchange.xforce.ibmcloud.com/vulnerabilities/63294

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-11-15T20:00:00

Updated: 2024-08-07T00:37:54.077Z

Reserved: 2009-12-31T00:00:00

Link: CVE-2010-0113

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-11-15T21:00:03.110

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0113

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-11T00:00:00", "descriptions": [{"lang": "en", "value": "The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "norton-mobile-setup-information-disclosure(63294)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"}, {"name": "69253", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/69253"}, {"name": "ADV-2010-2982", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2982"}, {"name": "44767", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44767"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0113", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "norton-mobile-setup-information-disclosure(63294)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"}, {"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"}, {"name": "69253", "refsource": "OSVDB", "url": "http://osvdb.org/69253"}, {"name": "ADV-2010-2982", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2982"}, {"name": "44767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44767"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:37:54.077Z"}, "title": "CVE Program Container", "references": [{"name": "norton-mobile-setup-information-disclosure(63294)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"}, {"name": "69253", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/69253"}, {"name": "ADV-2010-2982", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2982"}, {"name": "44767", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/44767"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0113", "datePublished": "2010-11-15T20:00:00", "dateReserved": "2009-12-31T00:00:00", "dateUpdated": "2024-08-07T00:37:54.077Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:mobile_security:1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "0CFFF5C4-A796-489B-83D5-96E74288C29B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs."}, {"lang": "es", "value": "La aplicaci\u00f3n Symantec Norton Mobile Security v1.0 Beta para Android guarda detalles de configuraci\u00f3n, incluyendo posiblemente las credenciales wipe/lock en los registros del dispositivo, permitiendo a atacantes remotos asistidos por el usuario obtener informaci\u00f3n sensible mediante una aplicaci\u00f3n independiente especialmente dise\u00f1ada para leer estos registros."}], "id": "CVE-2010-0113", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-11-15T21:00:03.110", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/69253"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/44767"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2982"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/69253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/44767"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}