Описание
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.
Ссылки
- Third Party Advisory
- ExploitMailing ListThird Party Advisory
- Product
- Third Party Advisory
- ExploitMailing ListThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 13.83 (исключая)
cpe:2.3:a:nationaledtech:boomerang:*:*:*:*:*:android:*:*
EPSS
Процентиль: 22%
0.00071
Низкий
4.6 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-284
Связанные уязвимости
CVSS3: 4.6
github
больше 2 лет назад
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.
EPSS
Процентиль: 22%
0.00071
Низкий
4.6 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-284