How severe is CVE-2021-0704?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-0704?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2021-0704 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675

Related Vulnerabilities

CVE-2020-16910

MEDIUM

CVSS:5.5(Medium)

<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firm...

CWE-2812020

CVE-2021-30912

MEDIUM

CVSS:5.5(Medium)

The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access ...

CWE-2812021

CVE-2021-35079

MEDIUM

CVSS:5.5(Medium)

Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO...

CWE-2812021

CVE-2021-43708

MEDIUM

CVSS:5.5(Medium)

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.

CWE-2812021

CVE-2022-22650

MEDIUM

CVSS:5.5(Medium)

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's p...

CWE-2812022

CVE-2022-31755

MEDIUM

CVSS:5.5(Medium)

The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.

CWE-2812022