CVE-2014-8507

EUVD-2014-8344
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
googleandroid
𝑥
≤ 4.4.4
googleandroid
1.0
googleandroid
1.1
googleandroid
1.5
googleandroid
1.6
googleandroid
2.0
googleandroid
2.0.1
googleandroid
2.1
googleandroid
2.2
googleandroid
2.2:rev1
googleandroid
2.2.1
googleandroid
2.2.2
googleandroid
2.2.3
googleandroid
2.3
googleandroid
2.3:rev1
googleandroid
2.3.1
googleandroid
2.3.2
googleandroid
2.3.3
googleandroid
2.3.4
googleandroid
2.3.5
googleandroid
2.3.6
googleandroid
2.3.7
googleandroid
3.0
googleandroid
3.1
googleandroid
3.2
googleandroid
3.2.1
googleandroid
3.2.2
googleandroid
3.2.4
googleandroid
3.2.6
googleandroid
4.0
googleandroid
4.0.1
googleandroid
4.0.2
googleandroid
4.0.3
googleandroid
4.0.4
googleandroid
4.1
googleandroid
4.1.2
googleandroid
4.2
googleandroid
4.2.1
googleandroid
4.2.2
googleandroid
4.3
googleandroid
4.3.1
googleandroid
4.4
googleandroid
4.4.1
googleandroid
4.4.2
googleandroid
4.4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Nov/86
http://www.securityfocus.com/bid/71310
http://xteam.baidu.com/?p=167
https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6
http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Nov/86
http://www.securityfocus.com/bid/71310
http://xteam.baidu.com/?p=167
https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6