Home > Vulnerability Database > CVE-2022-20497

Mend.io Vulnerability Database

CVE-2022-20497

Good to know:

Date: December 12, 2022

In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979

Language: Java

Severity Score

4.6

Related Resources (3)

Url: https://source.android.com/security/bulletin/2022-12-01

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-20497

Url: https://www.mend.io/vulnerability-database/CVE-2022-20497

Severity Score

4.6

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version android-13.0.0_r7

Learn More

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-20497

Good to know:

Date: December 12, 2022

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?