{"api_version":"1","generated_at":"2026-04-23T13:50:29+00:00","cve":"CVE-2019-5244","urls":{"html":"https://cve.report/CVE-2019-5244","api":"https://cve.report/api/cve/CVE-2019-5244.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-5244","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-5244"},"summary":{"title":"CVE-2019-5244","description":"Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2019-06-04 18:29:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-5244","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5244","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"5244","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"mate_9_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5244","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"mate_9_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5244","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_9_pro_fimware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5244","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"mate_9_pro_fimware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-5244","ASSIGNER":"psirt@huawei.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Huawei","product":{"product_data":[{"product_name":"Mate 9 Pro","version":{"version_data":[{"version_value":"Earlier than LON-L29C 8.0.0.361(C636) versions"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"information leak"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en","url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-informationleak-en"}]},"description":{"description_data":[{"lang":"eng","value":"Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak."}]}},"nvd":{"publishedDate":"2019-06-04 18:29:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:mate_9_pro_fimware:*:*:*:*:*:*:*:*","versionEndExcluding":"lon-l29c_8.0.0.361\\(c636\\)","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"5244","Ordinal":"142860","Title":"CVE-2019-5244","CVE":"CVE-2019-5244","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"5244","Ordinal":"1","NoteData":"Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"5244","Ordinal":"2","NoteData":"2019-06-04","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"5244","Ordinal":"3","NoteData":"2019-06-04","Type":"Other","Title":"Modified"}]}}}