CVE-2021-0672 — Vulnetix

CVE-2021-0672 PUBLISHED CVSS 5.5 MEDIUM

In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05969704; Issue ID: ALPS05969704.

EPSS 0.02% · 3.5th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.02%

3.5th percentile

Affected Products

Vendor	Product	Versions
n/a	Android	Android SoC
google	android	8.1, 10.0, 9.0

Exploit Intelligence

https://source.android.com/security/bulletin/2021-11-01 (circl)

Timeline

Nov 2, 2021 CVE Published
Nov 19, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 13, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 4, 2022 EPSS Score
Jun 28, 2022 EPSS Score
Aug 23, 2022 EPSS Score
Oct 17, 2022 EPSS Score
Dec 12, 2022 EPSS Score
Feb 5, 2023 EPSS Score

References

https://source.android.com/security/bulletin/2021-11-01 url
https://source.android.com/security/bulletin/pixel/2021-11-01 advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-0672 advisory
https://corp.mediatek.com/product-security-bulletin/November-2021 url

Open in Interactive Console →