CVE-2019-6024

Опубликовано: 26 дек. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.

Ссылки

http://jvn.jp/en/jp/JVN41566067/index.html
Third Party Advisory
VDB Entry
https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998
Product
Release Notes
https://play.google.com/store/apps/details?id=jp.co.fablic.fril&hl=en
Product
http://jvn.jp/en/jp/JVN41566067/index.html
Third Party Advisory
VDB Entry
https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998
Product
Release Notes
https://play.google.com/store/apps/details?id=jp.co.fablic.fril&hl=en
Product

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rakuten:rakuma:*:*:*:*:*:android:*:*

Версия до 7.15.0 (включая)

cpe:2.3:a:rakuten:rakuma:*:*:*:*:*:iphone_os:*:*

Версия до 7.16.4 (включая)

EPSS

Процентиль: 57%

0.00346

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-x46h-3pq4-653x

github

больше 3 лет назад