exploitDog

CVE-2021-43388

Опубликовано: 14 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 4.3

EPSS Низкий

Описание

Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False.

Ссылки

https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=65
Vendor Advisory
https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=65
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:unisys:cargo_mobile:*:*:*:*:*:*:*:*

Версия до 1.2.29 (исключая)

EPSS

Процентиль: 36%

0.00151

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-6j73-7mgq-98hj

github

около 4 лет назад

Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False.

EPSS

Процентиль: 36%

0.00151

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-312