How severe is CVE-2018-15001?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2018-15001?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2018-15001 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status bar, so it is not completely transparent to the user. The user can cancel the logging, but it can be re-enabled since the app with a package name of com.vivo.bsptest cannot be disabled. The writing of these logs can be initiated by an app co-located on the device, although the READ_EXTERNAL_STORAGE permission is necessary to for an app to access the log files.

Related Vulnerabilities

CVE-2014-3536

MEDIUM

CVSS:5.5(Medium)

CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration

CWE-5322014

CVE-2015-3243

MEDIUM

CVSS:5.5(Medium)

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

CWE-5322015

CVE-2016-4443

MEDIUM

CVSS:5.5(Medium)

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

CWE-5322016

CVE-2016-5967

MEDIUM

CVSS:5.5(Medium)

The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.

CWE-5322016

CVE-2016-9985

MEDIUM

CVSS:5.5(Medium)

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

CWE-5322016

CVE-2017-2592

MEDIUM

CVSS:5.5(Medium)

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error messa...

CWE-5322017