CVE-2023-0654

LOW Year: 2023
CVSS v3 Score
3.7
Low
Weakness Type
CWE-1021
View all →

Vulnerability Description

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.

Related Vulnerabilities

CVE-2024-30109

LOW
CVSS:3.7(Low)

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link ...

CWE-10212024

CVE-2022-20226

LOW
CVSS:3.9(Low)

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges ne...

CWE-10212022

CVE-2023-0780

MEDIUM
CVSS:4.0(Medium)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.

CWE-10212023

CVE-2021-33596

MEDIUM
CVSS:4.1(Medium)

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requir...

CWE-10212021

CVE-2021-0992

LOW
CVSS:3.3(Low)

In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no ...

CWE-10212021

CVE-2024-20810

LOW
CVSS:3.3(Low)

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.

CWE-10212024