What the vulnerability does
01Description
Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.
CVSS base score
6.6/10
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Key dates
02Disclosure timeline
September 9, 2022
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-4194 D-Link DNS-1550-04 system_mgr.cgi cgi_set_wto access control
CVE-2020-25160 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
CVE-2026-39942 Directus has a Path Traversal and Broken Access Control in File Management API
CVE-2023-38167 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVE-2025-41258 LibreChat RAG API Authentication Bypass
