CVE-2022-2985

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions music service (affected versions not specified)

Description The issue is related to a missing permission check in the music service, which could lead to elevation of privilege in the contacts service. This can be achieved without needing any additional execution privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

ASB-A-244657985

CVE-2022-2985

U-1882490

Affected Products

Music Service

CVE-2022-2985

Weakness Enumeration

Related Identifiers

Affected Products

References · 5