| Vulnerability Name: | CVE-2016-6710 (CCN-119490) | ||||||||||||||||
| Assigned: | 2016-11-17 | ||||||||||||||||
| Published: | 2016-11-17 | ||||||||||||||||
| Updated: | 2019-05-30 | ||||||||||||||||
| Summary: | An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Android ID: A-30537115. | ||||||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||
| References: | Source: CCN Type: Google Web site Android Source: MITRE Type: CNA CVE-2016-6710 Source: BID Type: Third Party Advisory, VDB Entry 94170 Source: CCN Type: BID-94170 Google Android Download Manager CVE-2016-6710 Information Disclosure Vulnerability Source: XF Type: UNKNOWN android-cve20166710-info-disc(119490) Source: CCN Type: Android Open Source Project Android Security BulletinNovember 2016 Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/2016-11-01.html Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-6710 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||