PT-2022-10936 · Google · Android

Published

2022-01-01

Updated

2022-01-15

CVE-2021-39628

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions Android-10 through Android-11

Description The issue is related to a logic error in the StatusBar.java code, which could lead to the disclosure of notification content on the lock screen. This results in local information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions Android-10 through Android-11, apply the necessary code fixes to resolve the logic error in StatusBar.java.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

ASB-A-189575031

CVE-2021-39628

Affected Products

Android

PT-2022-10936 · Google · Android

CVE-2021-39628

Weakness Enumeration

Related Identifiers

Affected Products

References · 5