CWE-926Improper Export of Android Application Components

PUBLISHEDweakness record
released 2013-07-17 · last modified 2025-12-11

Metadata

CWE ID:
CWE-926
摘要:
Variant
结构:
Simple
状态:
Incomplete
发布日期:
2013-07-17
更新日期:
2025-12-11

名称

Improper Export of Android Application Components

描述

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

The attacks and consequences of improperly exporting a component may depend on the exported component:

常见后果

范围:
Availability, Integrity
影响:
Unexpected State, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context
注释:
Other applications, possibly untrusted, can launch the Activity.
范围:
Availability, Integrity
影响:
Unexpected State, Gain Privileges or Assume Identity, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context
注释:
Other applications, possibly untrusted, can bind to the Service.
范围:
Confidentiality, Integrity
影响:
Read Application Data, Modify Application Data
注释:
Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider.

相关 CWE