Headline
CVE-2022-36441: CVE-2022-36441 - Excellium Services
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin.
Abstract Advisory Information
The Gboard used by the different application can be used to launch and use several other applications that are restricted by the admin.
Author: Valentin Giannini & Alexandre Guldner
Version affected
Name: Zebra Enterprise Home Screen
Versions: 4.1.19
Common Vulnerability Scoring System
7.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Patch
none
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36441
Vulnerability Disclosure Timeline
- 12/05/2022: Vulnerability discovery.
- 12/05/2022: Vulnerability Report to CERT-XLM.
- 13/05/2022: Vulnerability Report to Vendor through Bug bounty platform.
- 16/05/2022: Acknowledge from the vendor regarding 1st vulnerability.
- 24/06/2022: Vulnerability Report to Zebra Tech Support EMEA.
- 27/06/2022: Acknowledge from Zebra Tech Support EMEA.
- 08/07/2022: Update asked to vendor.
- 08/07/2022: Acknowledge from the vendor but the same answer.
- 22/07/2022: Request CVE ID to Mitre.
- 25/07/2022: CVE IDs assigned: CVE-2022-36441
- 05/08/2022: Second acknowledge from vendor with ticket number: 12763250
- 12/08/2022: Vendor claimed vulnerabilities are not worth fixing.
- 30/11/2022: Vulnerability disclosure
Our website uses cookies technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, to enable you to use the social media functionalities and assist with our promotional and marketing efforts, and provide content from third parties. You may choose to opt-out from all non-essential cookie or allow them for a better browsing experience. For more information on the use of cookies, Please check our Privacy Notice ACCEPT REJECT