CVE-2022-3611 - Vulnerability Details - OpenCVE

An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00066.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo Subscribe	App Store App Subscribe

Configuration 1 [-]

cpe:2.3:a:lenovo:app_store_app:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-42972	An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.

Fixes

Solution

Update the Lenovo App Store to version 11.8.0 or higher.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://iknow.lenovo.com.cn/detail/205280.html

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-27T19:05:01.038Z

Updated: 2024-09-09T19:46:50.723Z

Reserved: 2022-10-19T19:42:56.652Z

Link: CVE-2022-3611

Vulnrichment

Updated: 2024-08-03T01:14:02.570Z

NVD

Status : Modified

Published: 2023-10-27T20:15:08.623

Modified: 2024-11-21T07:19:52.790

Link: CVE-2022-3611

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-200

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3611", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2022-10-19T19:42:56.652Z", "datePublished": "2023-10-27T19:05:01.038Z", "dateUpdated": "2024-09-09T19:46:50.723Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "App Store", "vendor": "Lenovo", "versions": [{"lessThan": "11.8.0", "status": "affected", "version": " ", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Yu Junfeng for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications."}], "value": "An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-27T19:05:01.038Z"}, "references": [{"url": "https://iknow.lenovo.com.cn/detail/205280.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the Lenovo App Store to version 11.8.0 or higher. "}], "value": "Update the Lenovo App Store to version 11.8.0 or higher. "}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:02.570Z"}, "title": "CVE Program Container", "references": [{"url": "https://iknow.lenovo.com.cn/detail/205280.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T19:46:40.835539Z", "id": "CVE-2022-3611", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:46:50.723Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://iknow.lenovo.com.cn/detail/205280.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:02.570Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3611", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T19:46:40.835539Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:46:46.848Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Yu Junfeng for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lenovo", "product": "App Store", "versions": [{"status": "affected", "version": " ", "lessThan": "11.8.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the Lenovo App Store to version 11.8.0 or higher. ", "supportingMedia": [{"type": "text/html", "value": "Update the Lenovo App Store to version 11.8.0 or higher. ", "base64": false}]}], "references": [{"url": "https://iknow.lenovo.com.cn/detail/205280.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.", "supportingMedia": [{"type": "text/html", "value": "An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-27T19:05:01.038Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3611", "state": "PUBLISHED", "dateUpdated": "2024-09-09T19:46:50.723Z", "dateReserved": "2022-10-19T19:42:56.652Z", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "datePublished": "2023-10-27T19:05:01.038Z", "assignerShortName": "lenovo"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:app_store_app:*:*:*:*:*:*:*:*", "matchCriteriaId": "435DD234-83D9-4D54-B648-4FEC4CAB9362", "versionEndExcluding": "11.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Lenovo App Store que puede permitir que algunas aplicaciones obtengan acceso no autorizado a datos confidenciales del usuario utilizados por otras aplicaciones no relacionadas."}], "id": "CVE-2022-3611", "lastModified": "2024-11-21T07:19:52.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-27T20:15:08.623", "references": [{"source": "psirt@lenovo.com", "tags": ["Third Party Advisory"], "url": "https://iknow.lenovo.com.cn/detail/205280.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://iknow.lenovo.com.cn/detail/205280.html"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}