Published: 13/04/2021 Updated: 16/04/2021

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 392

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-152064592

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 8.1
google android 9.0
google android 10.0

Critical Infrastructure Sectors: Critical Manufacturing

CWE-269 https://source.android.com/security/bulletin/2021-04-01 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-0438

Vulnerability Summary

Vulnerability Trend

ICS Advisories

References

Vulmon Search

About

Products

Connect