{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T07:56:36.863","vulnerabilities":[{"cve":{"id":"CVE-2017-15308","sourceIdentifier":"psirt@huawei.com","published":"2017-12-22T17:29:12.923","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run."},{"lang":"es","value":"La aplicación Huawei iReader en versiones anteriores a la 8.0.2.301 tiene una vulnerabilidad de validación de entradas debida a una validación insuficiente en la URL empleada para cargar datos de red. Un atacante puede controlar el acceso a la aplicación y cargar sitios web maliciosos creados por él. Así, el código de estas páginas web se cargaría y ejecutaría."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:ireader:*:*:*:*:*:*:*:*","versionEndExcluding":"8.0.2.301","matchCriteriaId":"F2028F4E-4042-40E1-9A67-84D18B5EED35"}]}]}],"references":[{"url":"http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en","source":"psirt@huawei.com","tags":["Vendor Advisory"]},{"url":"http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}