Описание
The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.0 (включая) до 13.0 (включая)
Одновременно
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*
EPSS
Процентиль: 14%
0.00046
Низкий
3.6 Low
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-925
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 3.6
github
больше 2 лет назад
The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.
EPSS
Процентиль: 14%
0.00046
Низкий
3.6 Low
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-925
NVD-CWE-noinfo