Home > Vulnerability Database > CVE-2024-23706

Mend.io Vulnerability Database

CVE-2024-23706

Date: May 7, 2024

In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Language: Java

Severity Score

7.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23706

Url: https://android.googlesource.com/platform/packages/modules/HealthFitness/+/6e6896c3fd8139779ff8d51a99ee06667e849d87

Url: https://source.android.com/security/bulletin/2024-05-01

Url: https://www.mend.io/vulnerability-database/CVE-2024-23706

Severity Score

7.8

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23706

Date: May 7, 2024

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?