{"containers": {"cna": {"affected": [{"platforms": ["Android"], "product": "F-Secure Mobile Security", "vendor": "F-Secure", "versions": [{"lessThan": "18.3x*", "status": "affected", "version": "18.4x", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "F-Secure Safe browser for Android vulnerable to Address Bar Spoofing", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-11T10:28:33", "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33594"}], "solutions": [{"lang": "en", "value": "Upgrade to version 18.4.x or newer from Google Play"}], "source": {"discovery": "EXTERNAL"}, "title": "F-Secure Safe browser for Android vulnerable to Address Bar Spoofing", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-33594", "STATE": "PUBLIC", "TITLE": "F-Secure Safe browser for Android vulnerable to Address Bar Spoofing"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "F-Secure Mobile Security", "version": {"version_data": [{"platform": "Android", "version_affected": ">=", "version_name": "18.3x", "version_value": "18.4x"}]}}]}, "vendor_name": "F-Secure"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "F-Secure Safe browser for Android vulnerable to Address Bar Spoofing"}]}]}, "references": {"reference_data": [{"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33594", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33594"}]}, "solution": [{"lang": "en", "value": "Upgrade to version 18.4.x or newer from Google Play"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:50:43.211Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33594"}]}]}, "cveMetadata": {"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "cveId": "CVE-2021-33594", "datePublished": "2021-08-11T10:28:33", "dateReserved": "2021-05-27T00:00:00", "dateUpdated": "2024-08-03T23:50:43.211Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:safe:*:*:*:*:*:android:*:*", "matchCriteriaId": "17900647-DDD4-45DE-8A96-5F9632434B6B", "versionEndExcluding": "18.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de suplantaci\u00f3n de la barra de direcciones en Safe Browser para Android. Cuando el usuario hace clic en una URL maliciosa especialmente dise\u00f1ada, aparece como una leg\u00edtima en la barra de direcciones, mientras que el contenido proviene de otro dominio y se presenta en una ventana, cubriendo el contenido original. Un atacante remoto puede aprovechar esto para llevar a cabo un ataque de falsificaci\u00f3n de la barra de direcciones"}], "id": "CVE-2021-33594", "lastModified": "2024-11-21T06:09:09.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-11T11:15:09.067", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33594"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}