CVE-2023-21387

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Oct 30, 2023

Updated: Nov 7, 2023

CWE ID 532

Summary

CVE-2023-21387 is a vulnerability affecting User Backup Manager. It allows an attacker to potentially leak a token that bypasses user confirmation for backup, leading to local information disclosure. Notably, this vulnerability does not require user interaction for exploitation, and system execution privileges are necessary for the disclosure to occur.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s4-Acj
https://www.cve.org/CVERecord?id=CVE-2023-21387
https://nvd.nist.gov/vuln/detail/CVE-2023-21387

Back to Vulnerability Database