Information Disclosure Vulnerability in Lenovo App Store
CVE-2022-3611

7.6HIGH

Key Information:

Vendor: Lenovo
Status: App Store
Vendor: CVE Published:; 27 October 2023

Summary

An information disclosure vulnerability has been identified in the Lenovo App Store. This flaw could allow specific applications to gain unauthorized access to sensitive user data utilized by other unrelated applications, potentially compromising the privacy and security of users. It highlights the need for robust security measures to prevent data leaks and ensure that applications operate within their intended security boundaries.

Affected Version(s)

App Store < 11.8.0

References

https://iknow.lenovo.com.cn/detail/205280.html

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2023
Vulnerability Reserved
Oct 19, 2022

Credit

Lenovo thanks Yu Junfeng for reporting this issue.