First published: Mon May 06 2019(Updated: )
Due to missing permissions in Android Manifest file, Sensitive information disclosure issue can happen in PCI RCS app in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Qualcomm Mdm9206 Firmware | ||
Qualcomm Mdm9206 | ||
Qualcomm Mdm9607 Firmware | ||
Qualcomm Mdm9607 | ||
Qualcomm Mdm9650 Firmware | ||
Qualcomm Mdm9650 | ||
Qualcomm Msm8909w Firmware | ||
Qualcomm Msm8909w | ||
Qualcomm Msm8996au Firmware | ||
Qualcomm Msm8996au | ||
Qualcomm Qca6574au Firmware | ||
Qualcomm Qca6574au | ||
Qualcomm Qcs605 Firmware | ||
Qualcomm Qcs605 | ||
Qualcomm Sd 210 Firmware | ||
Qualcomm Sd 210 | ||
Qualcomm Sd 212 Firmware | ||
Qualcomm Sd 212 | ||
Qualcomm Sd 205 Firmware | ||
Qualcomm Sd 205 | ||
Qualcomm Sd 615 Firmware | ||
Qualcomm Sd 615 | ||
Qualcomm Sd 616 Firmware | ||
Qualcomm Sd 616 | ||
Qualcomm Sd 415 Firmware | ||
Qualcomm Sd 415 | ||
Qualcomm Sd 636 Firmware | ||
Qualcomm Sd 636 | ||
Qualcomm Sd 650 Firmware | ||
Qualcomm Sd 650 | ||
Qualcomm Sd 652 Firmware | ||
Qualcomm Sd 652 | ||
Qualcomm Sd 675 Firmware | ||
Qualcomm Sd 675 | ||
Qualcomm Sd 712 Firmware | ||
Qualcomm Sd 712 | ||
Qualcomm Sd 710 Firmware | ||
Qualcomm Sd 710 | ||
Qualcomm Sd 670 Firmware | ||
Qualcomm Sd 670 | ||
Qualcomm Sd 730 Firmware | ||
Qualcomm Sd 730 | ||
Qualcomm Sd 820 Firmware | ||
Qualcomm Sd 820 | ||
Qualcomm Sd 820a Firmware | ||
Qualcomm Sd 820a | ||
Qualcomm Sd 835 Firmware | ||
Qualcomm Sd 835 | ||
Qualcomm Sd 845 Firmware | ||
Qualcomm Sd 845 | ||
Qualcomm Sd 850 Firmware | ||
Qualcomm Sd 850 | ||
Qualcomm Sd 855 Firmware | ||
Qualcomm Sd 855 | ||
Qualcomm Sda660 Firmware | ||
Qualcomm Sda660 | ||
Qualcomm Sdm630 Firmware | ||
Qualcomm Sdm630 | ||
Qualcomm Sdm660 Firmware | ||
Qualcomm Sdm660 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-13901 is a vulnerability that can lead to sensitive information disclosure in the PCI RCS app in various Qualcomm products running Android.
CVE-2018-13901 has a severity level of high with a CVSS score of 5.5.
CVE-2018-13901 affects the PCI RCS app in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables.
To fix the sensitive information disclosure issue in the affected products, it is recommended to apply the necessary security patches provided by Qualcomm and Google.
You can find more information about CVE-2018-13901 on the Qualcomm Product Security Bulletins and Android Security Bulletins websites.