CVE-2018-16264

MEDIUM

Tizen < 5.0 M1 - Unauthenticated Exposure of Sensitive Information via D-Bus Security Policy Misconfiguration

Title source: llm
STIX 2.1

Description

The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Scores

CVSS v3 6.5
EPSS 0.0058
EPSS Percentile 43.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (11)
linux/tizen 1.0 (2 CPE variants)
linux/tizen 2.0
linux/tizen 2.1
linux/tizen 2.2
linux/tizen 2.2.1
linux/tizen 2.3
linux/tizen 2.3.1
linux/tizen 2.4
linux/tizen 3.0 (3 CPE variants)
linux/tizen 4.0 m1 (3 CPE variants)
... and 1 more
Published Jan 22, 2020
Tracked Since Feb 18, 2026