exploitDog

CVE-2023-29732

Опубликовано: 30 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions.

Ссылки

https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29732/CVE%20detail.md
Exploit
Third Party Advisory
https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29732/CVE%20detail.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:loka:solive:*:*:*:*:*:android:*:*

Версия от 1.6.14 (включая) до 1.6.20 (включая)

EPSS

Процентиль: 42%

0.00204

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-276

CWE-276

Связанные уязвимости

GHSA-cq39-r932-4qhj

CVSS3: 9.8

github

больше 2 лет назад

SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions.

EPSS

Процентиль: 42%

0.00204

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-276

CWE-276