CVE-2016-3884

medium

Description

server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441.

References

https://android.googlesource.com/platform/frameworks/base/+/61e9103b5725965568e46657f4781dd8f2e5b623

http://www.securitytracker.com/id/1036763

http://www.securityfocus.com/bid/92875

http://source.android.com/security/bulletin/2016-09-01.html

Details

Source: Mitre, NVD

Published: 2016-09-11

Updated: 2026-05-06

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00059