VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 23, 2020· Updated Sep 17, 2024

CVE-2020-4353

CVE-2020-4353

Description

Physical access to IBM MaaS360 Android app up to 6.82 can crash the application, bypassing MDM restrictions to access restricted apps and settings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Physical access to IBM MaaS360 Android app up to 6.82 can crash the application, bypassing MDM restrictions to access restricted apps and settings.

Vulnerability

IBM MaaS360 Android Mobile Apps versions up to 6.82 contain a vulnerability where a user with physical access to the device can crash the application [1]. This allows the user to bypass the intended mobile device management (MDM) restrictions.

Exploitation

An attacker with physical access to the device can cause the MaaS360 application to crash, which may enable them to access restricted applications and device settings [1]. No authentication or user interaction is required beyond physical presence.

Impact

Successful exploitation allows the attacker to access restricted applications and device settings, potentially compromising the security controls enforced by the MDM [1]. The CVSS score indicates a high availability impact, with no direct confidentiality or integrity impact from the crash itself, but the bypass could lead to further compromise.

Mitigation

IBM released MaaS360 Android Mobile Application version 6.90 or later to fix this vulnerability [1]. Users should update to the latest version. No workarounds are available [1].

References
  1. Security Bulletin: Instability in the Kiosk Android (CVE-2020-4353)

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IBM/Maas360 Dtmllm-create2 versions
    =6.82+ 1 more
    • (no CPE)range: =6.82
    • (no CPE)range: 6.82

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.