Main Vulnerability Database Vulnerabilities #VU34473

#VU34473 Information disclosure in Google Android - CVE-2015-9547

Published: April 10, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34473

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-9547

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exception in Dalvik VM," "Application not responding ANR event," or "Crash on an application's native code." The Samsung ID is SVE-2015-2885 (October 2015).

Remediation

Install update from vendor's website.

External links

https://security.samsungmobile.com/securityUpdate.smsb

#VU34473 Information disclosure in Google Android - CVE-2015-9547

Description

Remediation

External links

Please verify you're human