CVE-2022-22270
10.01.2022, 14:12
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
Vendor | Product | Version |
---|---|---|
android | 9.0 | |
android | 10.0 | |
android | 11.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
- CWE-552 - Files or Directories Accessible to External PartiesThe product makes files or directories accessible to unauthorized actors, even though they should not be.