Refine your search
1 vulnerability found for quick app framework by Xiaomi
CVE-2024-45353 (GCVE-0-2024-45353)
Vulnerability from cvelistv5
Published
2025-03-27 06:12
Modified
2025-03-27 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-346 - Origin Validation Error
Summary
An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | quick app framework |
Version: quick app framework 1.30.2.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:18:18.395375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:18:37.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "quick app framework",
"vendor": "Xiaomi",
"versions": [
{
"status": "affected",
"version": "quick app framework 1.30.2.1"
}
]
}
],
"datePublic": "2025-02-21T06:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction. \u003cbr\u003e"
}
],
"value": "An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T06:12:57.059Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=551"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "quick App has intent redriction vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2024-45353",
"datePublished": "2025-03-27T06:12:57.059Z",
"dateReserved": "2024-08-28T02:24:34.839Z",
"dateUpdated": "2025-03-27T14:18:37.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}