11 matches found
CVE-2022-20449
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...
CVE-2024-0024
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-0047
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...
PT-2024-15320 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: A logic error in the code of UserManagerService.java causes device policies to be serialized with an incorrect tag. This can lead to a local denial of service when policies are deserialized...
PT-2022-14442 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L. Description: A logic error in the code of StorageManagerService.java and UserManagerService.java can lead to user directories being left unencrypted. This issue can result in local information...
Apache Jetspeed vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...
The vulnerability of the Android operating system allows a hacker to circumvent restrictions
The vulnerability of the server/pm/UserManagerService.java function in the Android Wi-Fi operating system is related to deficiencies in access control. Exploiting this vulnerability allows a local attacker to circumvent restrictions on Wi-Fi configuration changes by using guest access...
CVE-2016-0710
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...
SQL injection
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...
EUVD-2016-3259
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API...
CVE-2016-2171
CVE-2016-2171 affects Apache Jetspeed prior to 2.3.1, where the User Manager REST API fails to properly restrict access via Jetspeed Security. This allows a remote attacker to perform add, edit, or delete operations on users through the REST API. The IBM advisory consolidates multiple Jetspeed vu...