PT-2024-18810 · Ims · Ims
Khilli
·
Published
2024-07-02
·
Updated
2024-07-05
·
CVE-2024-20897
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FCM function in IMS service versions prior to SMR Jul-2024 Release 1
Description
The issue concerns the use of implicit intent for sensitive communication in the FCM function within the IMS service, allowing local attackers to obtain sensitive information.
Recommendations
For versions prior to SMR Jul-2024 Release 1, update to SMR Jul-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information handled by the FCM function in the IMS service until the update is applied.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ims