PT-2023-15912 · Unknown · Codenameone

Published 2023-02-10 · Updated 2024-05-17 · CVE-2022-4903

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CodenameOne version 7.0.70

Description

A vulnerability classified as problematic was found in CodenameOne. The manipulation leads to the use of an implicit intent for sensitive communication. The attack can be launched remotely. The attack complexity is rather high, and exploitation is reported to be difficult.

Recommendations

Upgrade to version 7.0.71 to address this issue. As a temporary workaround, consider restricting the use of implicit intents for sensitive communication until the patch is applied.

Fix

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2022-4903
GHSA-P6XQ-9H8R-V544

Affected Products

Codenameone