CVE-2023-21303

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Oct 30, 2023
Updated: Nov 6, 2023
CWE ID 203

Summary

CVE-2023-21303 is a vulnerability that allows an attacker to determine whether an app is installed on a device without requiring query permissions. The vulnerability arises from side channel information disclosure, which can lead to local information disclosure without the need for additional execution privileges or user interaction. This vulnerability affects multiple products, including tzDcWF, bQe5zt, YLUeDN, QtrBOA, QtrBOB, QtrBOC, QtrBOD, QtrBOE, S2UeH4, nmhzcg, mmOpcJ, oImSWu, oImSWt, QtrBNo, dVxX2C, lAMRr5, QtrBNp, QtrBNq, and others. The potential danger posed by this vulnerability is high confidentiality impact. To remediate the vulnerability and mitigate the risk it poses to organizations, affected products should release patches or updates that address the side channel information disclosure issue.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-21303 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options