2.1
CVSSv2

CVE-2018-9548

Published: 06/12/2018 Updated: 03/01/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 181
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574.

Vulnerability Trend

Affected Products

Vendor Product Versions
GoogleAndroid7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

Vendor Advisories

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices Security patch levels of 2018-12-05 or later address all of these issues To learn how to check a device's security patch level, see Check and update your Android version Android partners are notified of all issues at least a month before publica ...

Github Repositories

This repository documents vulnerabilities that can occur in Android Java apps running on Android 511 - Android 81 It contains benign apps with vulnerabilities related to Crypto, ICC, Networking, NonAPI, Permission, Storage, System, and Web APIs Most of the benign apps are accompanied by malicious apps to exploit the vulnerabilities in the corresponding benign app We have