CVE-2023-21387Detail
This CVE record was updated after NVD enrichment efforts were completed. The enrichment data provided by the NVD may require modification due to these changes.
Description
In User Backup Manager, there is a possible way to disclose a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with necessary system execution privileges. User interaction is not required for operation.
Metric
NVD enrichment efforts refer to publicly available information to associate vector strings. CVSS information provided by other sources is also displayed.
References to advice, solutions and tools
By selecting these links, you will leave the NIST web space. We have provided these links to other websites because they may contain information that may be of interest to you. No inference should be drawn from whether or not other sites are referenced from this page. There may be other websites better suited to your needs. NIST does not necessarily endorse the opinions expressed or the facts presented on these sites. Additionally, NIST does not endorse any commercial products that may be mentioned on these sites. Please direct your comments on this page to [email protected].
List of weaknesses
| ID CWE | CWE Name | Source |
|---|---|---|
|
CWE-532 |
Inserting sensitive information into the log file |
NIST |
Quick information
CVE dictionary entry:
CVE-2023-21387
NVD publication date:
10/30/2023
NVD Last modification:
11/21/2024
Source:
Android (associated with Google Inc. or Open Handset Alliance)
