Home > Vulnerability Database > CVE-2023-21251

Mend.io Vulnerability Database

CVE-2023-21251

Date: July 12, 2023

In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

Language: Java

Severity Score

7.3

Related Resources (4)

Url: https://source.android.com/security/bulletin/2023-07-01

Url: https://android.googlesource.com/platform/frameworks/base/+/57946e2bb73850e817b3c01fa5350d705e178e39

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-21251

Url: https://www.mend.io/vulnerability-database/CVE-2023-21251

Severity Score

7.3

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-21251

Date: July 12, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?