CVE-2022-23835

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.kb.cert.org/vuls/id/383864", "name": "https://www.kb.cert.org/vuls/id/383864", "tags": [], "refsource": "MISC"}, {"url": "https://gitlab.com/kop316/vvm-disclosure", "name": "https://gitlab.com/kop316/vvm-disclosure", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a \"concrete and exploitable risk.\""}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-23835", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2022-02-25T04:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-25T12:57Z"}