We found results for “”
CVE-2019-2211
Good to know:
Date: November 13, 2019
In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269669
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
SQL Injection
CWE-89Top Fix
Upgrade Version
Upgrade to version android-8.0.0_r40;android-8.1.0_r70;android-9.0.0_r50landroid-10.0.0_r10
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | COMPLETE |
Integrity (I): | NONE |
Availability (A): | NONE |
Additional information: |