Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Verkehrsauskunft Österreich SmartRide/cleVVVer/BusBahnBim/Salzburg Verkehr AndroidManifest.xml improper export of android application components
Vulnerability Description
A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early and fixed the issue by "[r]emoving the task affinity of the app so it can't be copied".
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
CWE-926
Vulnerability Title
Verkehrsauskunft Österreich多款产品 安全漏洞
Vulnerability Description
Verkehrsauskunft Österreich SmartRide是奥地利Verkehrsauskunft Österreich公司的一个奥地利公共交通时间表应用。 Verkehrsauskunft Österreich多款产品存在安全漏洞,该漏洞源于AndroidManifest.xml组件导出不当,可能导致本地攻击。以下产品和版本受到影响:Verkehrsauskunft Österreich SmartRide、cleVVVer和BusBahnBim 12.1.1(258)及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A