Main Vulnerability Database Vulnerabilities #VU70635

#VU70635 Security features bypass in ownCloud Android App - CVE-2022-25338

Published: January 3, 2023

Vulnerability identifier: #VU70635

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-25338

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ownCloud Android App

Software vendor:
ownCloud

Description

The vulnerability allows an attacker to bypass implemented security features.

The vulnerability exists due to unspecified error in the app lock functionality. An attacker with physical access to device can bypass the app lock and gain unauthorized access to the application.

Remediation

Install update from vendor's website.

External links

https://owncloud.com/security-advisories/cve-2022-25338/