CVE-2023-39384Incorrect Authorization in Huawei Emui

CWE-264CWE-863Incorrect Authorization3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 80.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Harmonyos
Timeline
PublishedAug 13

Description

Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5huawei/emui4 versions+3
NVDhuawei/emui12.0.1, 13.0.0+1
CVEListV5huawei/harmonyos5 versions+4
NVDhuawei/harmonyos2.0.1, 3.0.0, 3.1.0+2

🔴Vulnerability Details

2
CVEList
CVE-2023-39384: Vulnerability of incomplete permission verification in the input method module2023-08-13
GHSA
GHSA-6jfg-gmcw-w9p6: Vulnerability of incomplete permission verification in the input method module2023-08-13
CVE-2023-39384 — Incorrect Authorization in Huawei Emui | cvebase