VYPR

CWE-927

Use of Implicit Intent for Sensitive Communication

VariantIncomplete

Description

The Android application uses an implicit intent for transmitting sensitive data to other applications.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (8)

  • CVE-2024-3108MedMay 3, 2024
    risk 0.36cvss 5.5epss 0.00

    An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization. 

  • CVE-2023-41826MedMay 3, 2024
    risk 0.33cvss 5.1epss 0.00

    A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permission. 

  • CVE-2023-41820MedMay 3, 2024
    risk 0.33cvss 5.0epss 0.00

    An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices. 

  • CVE-2023-41828MedMay 3, 2024
    risk 0.29cvss 4.4epss 0.00

    An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.  

  • CVE-2024-3480LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data.

  • CVE-2023-41824LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data.

  • CVE-2023-41817LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information.

  • CVE-2022-4903Feb 10, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is…