Lucene search

K
osvGoogleOSV:ASB-A-183612370
HistoryJan 01, 2022 - 12:00 a.m.

App can read iccId of sim card(s) without requiring READ_PRIVILEGED_PHONE_STATE permission.

2022-01-0100:00:00
Google
osv.dev
11

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for OSV:ASB-A-183612370