CVE-2014-5319
medium
CVSS v3
—
CVSS v2
6.4
VIR risk
6.4
Description
Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: vultures@jpcert.or.jp — http://jvndb.jvn.jp/jvndb/JVNDB-2014-000107
Vendor advisory: vultures@jpcert.or.jp — http://jvn.jp/en/jp/JVN16485017/index.html
Vendor advisory: vultures@jpcert.or.jp — http://jvn.jp/en/jp/JVN16485017/995479/index.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| s-link | slfilemanager | {"endIncluding":"1.2.5"} | |
References
- http://jvn.jp/en/jp/JVN16485017/995479/index.html
- http://jvn.jp/en/jp/JVN16485017/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000107
- http://www.securityfocus.com/bid/70147
- http://jvn.jp/en/jp/JVN16485017/995479/index.html
- http://jvn.jp/en/jp/JVN16485017/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000107
- http://www.securityfocus.com/bid/70147
CWEs
CWE-22
Verify integrity in audit chain (admin only). AS-IS.