漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Verkehrsauskunft Österreich SmartRide/cleVVVer/BusBahnBim/Salzburg Verkehr AndroidManifest.xml improper export of android application components
Vulnerability Description
A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early and fixed the issue by "[r]emoving the task affinity of the app so it can't be copied".
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
CWE-926
Vulnerability Title
Verkehrsauskunft Österreich多款产品 安全漏洞
Vulnerability Description
Verkehrsauskunft Österreich SmartRide是奥地利Verkehrsauskunft Österreich公司的一个奥地利公共交通时间表应用。 Verkehrsauskunft Österreich多款产品存在安全漏洞,该漏洞源于AndroidManifest.xml组件导出不当,可能导致本地攻击。以下产品和版本受到影响:Verkehrsauskunft Österreich SmartRide、cleVVVer和BusBahnBim 12.1.1(258)及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A