CVE-2026-5452

UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key

Assigner: VulDB
Reserved: 02.04.2026 Published: 03.04.2026 Updated: 03.04.2026

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. The exploit has been published and may be used.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
CVSS Score: 4.8

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	Low	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
CVSS Score: 3.3

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
CVSS Score: 3.3

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.0

CVSS Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
CVSS Score: 1.7

Access Vector	Local	Confidentiality Impact	Partial
Access Complexity	Low	Integrity Impact	None
Authentication	Single	Availability Impact	None

CVSS 2.0

Product Status

Vendor	UCC
Product	CampusConnect App
Versions	Version 14.3.0 is affected Version 14.3.1 is affected Version 14.3.2 is affected Version 14.3.3 is affected Version 14.3.4 is affected Version 14.3.5 is affected

Vendor

UCC

Product

CampusConnect App

Versions

Version 14.3.0 is affected
Version 14.3.1 is affected
Version 14.3.2 is affected
Version 14.3.3 is affected
Version 14.3.4 is affected
Version 14.3.5 is affected

Credits

fxizenta (VulDB User) reporter

References

Problem Types