{"api_version":"1","generated_at":"2026-04-23T00:59:38+00:00","cve":"CVE-2021-0702","urls":{"html":"https://cve.report/CVE-2021-0702","api":"https://cve.report/api/cve/CVE-2021-0702.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-0702","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-0702"},"summary":{"title":"CVE-2021-0702","description":"In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765","state":"PUBLIC","assigner":"security@android.com","published_at":"2021-10-22 14:15:00","updated_at":"2021-10-26 23:02:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2021-10-01","name":"https://source.android.com/security/bulletin/2021-10-01","refsource":"MISC","tags":[],"title":"Android Security Bulletin—October 2021  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-0702","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0702","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"702","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-0702","qid":"610373","title":"Google Android Devices October 2021 Security Patch Missing"},{"cve":"CVE-2021-0702","qid":"610375","title":"Google Android October 2021 Security Patch Missing for Samsung"},{"cve":"CVE-2021-0702","qid":"610376","title":"Google Android October 2021 Security Patch Missing for LGE"},{"cve":"CVE-2021-0702","qid":"610381","title":"Google Android November 2021 Security Patch Missing for Huawei EMUI"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-0702","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-11"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/2021-10-01","url":"https://source.android.com/security/bulletin/2021-10-01"}]},"description":{"description_data":[{"lang":"eng","value":"In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765"}]}},"nvd":{"publishedDate":"2021-10-22 14:15:00","lastModifiedDate":"2021-10-26 23:02:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":1.9},"severity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"702","Ordinal":"190404","Title":"CVE-2021-0702","CVE":"CVE-2021-0702","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"702","Ordinal":"1","NoteData":"In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765","Type":"Description","Title":null},{"CveYear":"2021","CveId":"702","Ordinal":"2","NoteData":"2021-10-22","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"702","Ordinal":"3","NoteData":"2021-10-22","Type":"Other","Title":"Modified"}]}}}