CWE-927(Use of Implicit Intent for Sensitive Communication)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The Android application uses an implicit intent for transmitting sensitive data to other applications.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Mobile | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2025-48558 | 2025-09-04 | In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privile… |
| CVE-2024-3480 | 2024-05-03 | An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data. |
| CVE-2024-3108 | 2024-05-03 | An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization. |
| CVE-2023-41828 | 2024-05-03 | An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider. |
| CVE-2023-41826 | 2024-05-03 | A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permissio… |
| CVE-2023-41824 | 2024-05-03 | An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data. |
| CVE-2023-41820 | 2024-05-03 | An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices. |
| CVE-2023-41817 | 2024-05-03 | An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information. |
| CVE-2023-47889 | 2024-02-05 | The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send u… |
| CVE-2023-44127 | 2023-09-27 | he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same devic… |
| CVE-2023-44124 | 2023-09-27 | The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceF… |
| CVE-2023-44122 | 2023-09-27 | The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideA… |
| CVE-2023-31014 | 2023-09-19 | NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer componen… |
| CVE-2022-4903 | 2023-02-10 | A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. I… |
| CVE-2022-36830 | 2022-08-05 | PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. |
| CVE-2022-36829 | 2022-08-05 | PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. |
| CVE-2022-33734 | 2022-08-05 | Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. |
| CVE-2022-33733 | 2022-08-05 | Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Demonstrative_Examples, Description, References |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated References |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Applicable_Platforms, Relationships |
| 2020-06-25 | CWE Content Team | 4.1 | — | updated Demonstrative_Examples |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Maintenance_Notes |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Observed_Examples |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |