Home > Vulnerability Database > CVE-2022-20497

Mend.io Vulnerability Database

CVE-2022-20497

Date: December 12, 2022

In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979

Language: Java

Severity Score

4.6

Related Resources (3)

Url: https://source.android.com/security/bulletin/2022-12-01

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-20497

Url: https://www.mend.io/vulnerability-database/CVE-2022-20497

Severity Score

4.6

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-20497

Date: December 12, 2022

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?