CVE-2022-4903

CodenameOne implicit intent for sensitive communication

Description

A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability.

References

Link	Tags
https://vuldb.com/?id.220470	vdb entry permissions required technical description
https://vuldb.com/?ctiid.220470	signature permissions required
https://github.com/codenameone/CodenameOne/issues/3583	patch issue tracking
https://github.com/codenameone/CodenameOne/commit/dad49c9ef26a598619fc48d2697151a02987d478	patch
https://github.com/codenameone/CodenameOne/releases/tag/7.0.71	patch release notes

Frequently Asked Questions

What is the severity of CVE-2022-4903?: CVE-2022-4903 has been scored as a medium severity vulnerability.
How to fix CVE-2022-4903?: To fix CVE-2022-4903, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-4903 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-4903 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-4903?: CVE-2022-4903 affects n/a CodenameOne.

Description

Categories

CWE-927 – Use of Implicit Intent for Sensitive Communication

CWE-668 – Exposure of Resource to Wrong Sphere

References

Frequently Asked Questions