AI Score
Confidence
High
EPSS
Percentile
24.9%
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/
www.securityfocus.com/bid/74866
cordova.apache.org/announcements/2015/05/26/android-402.html