Home > Vulnerability Database > CVE-2014-8507

Mend.io Vulnerability Database

CVE-2014-8507

Date: December 15, 2014

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.

Language: Java

Severity Score

7.3

Related Resources (7)

Url: http://www.securityfocus.com/bid/71310

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-8507

Url: http://xteam.baidu.com/?p=167

Url: http://seclists.org/fulldisclosure/2014/Nov/86

Url: https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6

Url: http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html

Url: https://www.mend.io/vulnerability-database/CVE-2014-8507

Severity Score

7.3

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-8507

Date: December 15, 2014

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?