CWE-927
Use of Implicit Intent for Sensitive Communication
VariantIncomplete
Description
The Android application uses an implicit intent for transmitting sensitive data to other applications.
Hierarchy (View 1000)
CVEs mapped to this weakness (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-3108 | Med | 0.36 | 5.5 | 0.00 | May 3, 2024 | An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization. | |
| CVE-2023-41826 | Med | 0.33 | 5.1 | 0.00 | May 3, 2024 | A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permission. | |
| CVE-2023-41820 | Med | 0.33 | 5.0 | 0.00 | May 3, 2024 | An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices. | |
| CVE-2023-41828 | Med | 0.29 | 4.4 | 0.00 | May 3, 2024 | An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider. | |
| CVE-2024-3480 | Low | 0.18 | 2.8 | 0.00 | May 3, 2024 | An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data. | |
| CVE-2023-41824 | Low | 0.18 | 2.8 | 0.00 | May 3, 2024 | An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data. | |
| CVE-2023-41817 | Low | 0.18 | 2.8 | 0.00 | May 3, 2024 | An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information. |