CVE Vulnerabilities

CVE-2021-25515

Improper Privilege Management

Published: Dec 08, 2021 | Modified: Dec 13, 2021
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.

Weakness

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Android Google 9.0 9.0
Android Google 10.0 10.0
Android Google 11.0 11.0

Potential Mitigations

References