OpenCVE

A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F-secure	Safe

Configuration 1 [-]

OR	cpe:2.3:a:f-secure:safe::::::android::*
	cpe:2.3:a:f-secure:safe::::::iphone_os::*

No data.

References

Link	Providers
https://withsecure.com
https://www.f-secure.com/en/home/support/security-advisories
https://www.f-secure.com/en/home/support/security-advisories/cve-2022-38163

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-07T00:00:00

Updated: 2024-08-03T10:45:52.743Z

Reserved: 2022-08-11T00:00:00

Link: CVE-2022-38163

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-07T15:15:10.277

Modified: 2024-11-21T07:15:54.997

Link: CVE-2022-38163

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:safe:*:*:*:*:*:android:*:*", "matchCriteriaId": "1A67B7CE-3312-40D2-9834-B079E4161B07", "versionEndIncluding": "19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:safe:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "392BA917-690D-47E3-B524-13F4C21E25FE", "versionEndIncluding": "19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad falsa de arrastrar y soltar en F-Secure SAFE Browser para Android e iOS versi\u00f3n 19.0 y anteriores. La operaci\u00f3n de arrastrar y soltar por parte del usuario en la barra de direcciones podr\u00eda provocar una suplantaci\u00f3n de la barra de direcciones."}], "id": "CVE-2022-38163", "lastModified": "2024-11-21T07:15:54.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-07T15:15:10.277", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://withsecure.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/home/support/security-advisories"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-38163"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://withsecure.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/home/support/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-38163"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}