Lucene search

K
cve[email protected]CVE-2015-1541
HistoryOct 01, 2015 - 12:59 a.m.

CVE-2015-1541

2015-10-0100:59:08
CWE-284
web.nvd.nist.gov
19
cve-2015-1541
appwidgetserviceimpl
android
settings application
uri permission
intent
flag_grant_read_uri_permission
flag_grant_write_uri_permission
bug 19618745
nvd

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

32.8%

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.

Affected configurations

NVD
Node
googleandroidRangeโ‰ค5.1
CPENameOperatorVersion
google:androidgoogle androidle5.1

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

32.8%