How severe is CVE-2020-8913?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-8913?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2020-8913 - HIGH Severity | CVSS 8.8

Vulnerability Description

A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.

Related Vulnerabilities

CVE-2017-8590

HIGH

CVSS:8.8(High)

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation ...

CWE-2812017

CVE-2019-13682

HIGH

CVSS:8.8(High)

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CWE-2812019

CVE-2019-13727

HIGH

CVSS:8.8(High)

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CWE-2812019

CVE-2019-14841

HIGH

CVSS:8.8(High)

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Conso...

CWE-2812019

CVE-2019-18457

HIGH

CVSS:8.8(High)

An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions.

CWE-2812019

CVE-2021-32465

HIGH

CVSS:8.8(High)

An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affe...

CWE-2812021