CVE-2009-5097 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Affected Products (NVD)

Vendor	Product	Version
hp	palm_pre_webos	𝑥 ≤ 1.1.0
hp	palm_pre_webos	1.0.2
hp	palm_pre_webos	1.0.3
hp	palm_pre_webos	1.0.4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12

http://secunia.com/advisories/36936

http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-11-remote-file-access.html

http://www.precentral.net/webos-1-2-fixed-serious-file-security-issue

http://www.securitytracker.com/id?1022987

http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12

http://secunia.com/advisories/36936

http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-11-remote-file-access.html

http://www.precentral.net/webos-1-2-fixed-serious-file-security-issue

http://www.securitytracker.com/id?1022987