Medium severity5.3NVD Advisory· Published Oct 27, 2017· Updated Jun 17, 2026
CVE-2015-1835
CVE-2015-1835
Description
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: <3.7.2, <4.0.2
Patches
Vulnerability mechanics
References
3- blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/nvdExploitTechnical DescriptionThird Party Advisory
- www.securityfocus.com/bid/74866nvdThird Party AdvisoryVDB Entry
- cordova.apache.org/announcements/2015/05/26/android-402.htmlnvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.