Main Vulnerability Database Vulnerabilities #VU34485

Information disclosure in Google Android - CVE-2018-21056

Published: April 8, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34485

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-21056

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018).

How to mitigate CVE-2018-21056

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb

Information disclosure in Google Android - CVE-2018-21056

Detailed vulnerability description

How to mitigate CVE-2018-21056

Sources

Please verify you're human