KEVIntel
Back to KEVs
5.5
CVSS
Medium

CVE-2023-21237

PUBLISHED

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or...

Exploited in the wild Low complexity No user interaction
Vendor
Google
Product
Android
Published
Jun 28, 2023
EPSS

Description

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912

java android cisa

CVSS scores

CVSS v3.1 5.5 Medium

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2024-03-05 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Mar 05, 2024

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel