exploitDog

CVE-2018-5298

Опубликовано: 08 янв. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.

Ссылки

https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html
Third Party Advisory
https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pg:oral-b_app:5.0.0:*:*:*:*:android:*:*

EPSS

Процентиль: 23%

0.00075

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-326

Связанные уязвимости

GHSA-3hj5-hhq7-f54x

CVSS3: 7.5

github

больше 3 лет назад

In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.

EPSS

Процентиль: 23%

0.00075

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-326