CVE-2023-36620

MEDIUM Year: 2023
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.

Related Vulnerabilities

CVE-2015-8512

MEDIUM
CVSS:4.6(Medium)

The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering...

CWE-2842015

CVE-2016-4032

MEDIUM
CVSS:4.6(Medium)

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I...

CWE-2842016

CVE-2016-6769

MEDIUM
CVSS:4.6(Medium)

An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physica...

CWE-2842016

CVE-2022-25831

MEDIUM
CVSS:4.6(Medium)

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.

CWE-2842022

CVE-2022-36851

MEDIUM
CVSS:4.6(Medium)

Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.

CWE-2842022

CVE-2022-39900

MEDIUM
CVSS:4.6(Medium)

Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder th...

CWE-2842022