CVE-2022-20520
16.12.2022, 16:15
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202Enginsight
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1021 - Improper Restriction of Rendered UI Layers or FramesThe web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
- CWE-102 - Struts: Duplicate Validation FormsThe application uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.