CVE-2018-9526Sensitive Information Exposure in INC Android

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 47.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedNov 14
Latest updateMay 14

Description

In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5google_inc/androidAndroid-9

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-9m6f-gwxw-gqc9: In device configuration data, there is an improperly configured setting2022-05-14
CVEList
CVE-2018-9526: In device configuration data, there is an improperly configured setting2018-11-14

📋Vendor Advisories

1
Android
CVE-2018-9526: Android Security Bulletin 2019-06-01 CVE: CVE-2018-9526 Severity: HIGH Type: ID Affected AOSP versions: 72019-06-01
CVE-2018-9526 — Sensitive Information Exposure | cvebase