CVE-2020-14126

{"id": "CVE-2020-14126", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-22T16:15:08.123", "references": [{"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=278", "tags": ["Vendor Advisory"], "source": "security@xiaomi.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en la APP Mi Sound. Esta vulnerabilidad es causada por las llamadas ilegales de algunas interfaces JS confidenciales, que pueden ser explotadas por los atacantes para filtrar informaci\u00f3n confidencial"}], "lastModified": "2022-07-28T15:46:39.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mi:sound:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8CF7110-EC86-40B9-9DED-B3C537887A64", "versionEndIncluding": "2.2.40"}], "operator": "OR"}]}], "sourceIdentifier": "security@xiaomi.com"}