Lucene search

[email protected]CVE-2015-1541

HistoryOct 01, 2015 - 12:59 a.m.

CVE-2015-1541

2015-10-0100:59:08

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-1541

appwidgetserviceimpl

android

settings application

uri permission

intent

flag_grant_read_uri_permission

flag_grant_write_uri_permission

bug 19618745

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.8%

JSON

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.

Affected configurations

NVD

Node

googleandroidRange≤5.1

CPENameOperatorVersion
google:androidgoogle androidle5.1

CPE	Name	Operator	Version
google:android	google android	le	5.1

References

android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07

groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.8%

JSON

Related for CVE-2015-1541

cvelist1 nvd1 ubuntucve1 prion1 androidsecurity1