We found results for “”
CVE-2019-2196
Good to know:
Date: November 13, 2019
In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143
Language: C++
Severity Score
Severity Score
Weakness Type (CWE)
SQL Injection
CWE-89Top Fix
Upgrade Version
Upgrade to version android-8.0.0_r40;android-8.1.0_r70android-9.0.0_r50;android-10.0.0_r10
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | LOCAL |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | COMPLETE |
Integrity (I): | NONE |
Availability (A): | NONE |
Additional information: |