Описание
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mi:mi_app_store:4.12.2:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00047
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 5.5
github
почти 4 года назад
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation.
EPSS
Процентиль: 15%
0.00047
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-863