PT-2019-5833 · Trend Micro · Trend Micro Dr. Safety For Android

Published

2019-02-05

Updated

2019-02-13

CVE-2018-18334

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Trend Micro Dr. Safety for Android versions prior to 3.0.1478

Description The issue is related to a bypass of the Same Origin Policy (SOP) in the Private Browser of Trend Micro Dr. Safety for Android, which could allow a remote attacker to obtain sensitive information via crafted JavaScript code. This is due to a lack of protection for service data, enabling an unauthorized access to protected information.

Recommendations For versions prior to 3.0.1478, update to version 3.0.1478 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2021-03295

CVE-2018-18334

Affected Products

Trend Micro Dr. Safety For Android

PT-2019-5833 · Trend Micro · Trend Micro Dr. Safety For Android

CVE-2018-18334

Weakness Enumeration

Related Identifiers

Affected Products

References · 4