Improper Access Control in IBM Navigator Mobile for Android Apps
CVE-2022-38388

4MEDIUM

Key Information:

Vendor: IBM
Status: Navigator Mobile
Vendor: CVE Published:; 11 October 2022

Summary

The IBM Navigator Mobile app for Android versions 3.4.1.1 and 3.4.1.2 has a vulnerability that could enable local users to gain unauthorized access to sensitive information. This flaw arises from improper access control measures within the application, potentially allowing users with physical access to the device to exploit this weakness. Users are advised to update to the latest version and review security practices to protect sensitive data.

Affected Version(s)

Navigator Mobile 3.4.1.1

Navigator Mobile 3.4.1.2

References

https://www.ibm.com/support/pages/node/6828469

https://exchange.xforce.ibmcloud.com/vulnerabilities/233968

vdb-entry

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Aug 16, 2022