CWE-926 - Improper Export of Android Application Components
CWE-926
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Improper Export of Android Application Components
- Description
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
The attacks and consequences of improperly exporting a component may depend on the exported component:
- Common Consequences
Scope: Availability, Integrity
Impact: Unexpected State, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context
Notes: Other applications, possibly untrusted, can launch the Activity.
Scope: Availability, Integrity
Impact: Unexpected State, Gain Privileges or Assume Identity, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context
Notes: Other applications, possibly untrusted, can bind to the Service.
Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data
Notes: Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider.
- Related Weaknesses
- Release Date:
- 2013-07-17
- Latest Modification Date:
- 2023-06-29
Free security scan for your website