How severe is CVE-2022-20497?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2022-20497?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2022-20497 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979

Related Vulnerabilities

CVE-2015-7846

MEDIUM

CVSS:4.6(Medium)

Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.

CWE-2002015

CVE-2015-7946

MEDIUM

CVSS:4.6(Medium)

Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency diale...

CWE-2002015

CVE-2016-3145

MEDIUM

CVSS:4.6(Medium)

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows phy...

CWE-2002016

CVE-2016-4595

MEDIUM

CVSS:4.6(Medium)

Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

CWE-2002016

CVE-2016-7060

MEDIUM

CVSS:4.6(Medium)

The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the di...

CWE-2002016

CVE-2016-7634

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are local...

CWE-2002016