Home > Vulnerability Database > CVE-2022-20493

Mend.io Vulnerability Database

CVE-2022-20493

Good to know:

Date: January 26, 2023

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316

Language: Java

Severity Score

7.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-20493

Url: https://www.cve.org/CVERecord?id=CVE-2022-20493

Url: https://android.googlesource.com/platform/frameworks/base/+/81352c3775949c622441e10b468766441e35edc7

Url: https://source.android.com/security/bulletin/2023-01-01

Url: https://www.mend.io/vulnerability-database/CVE-2022-20493

Severity Score

7.8

Weakness Type (CWE)

Input Validation

CWE-20

Improper Validation of Specified Quantity in Input

CWE-1284

Top Fix

Upgrade Version

Upgrade to version android-13.0.0_r16

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-20493

Good to know:

Date: January 26, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?