9.8

CVE-2016-6548

Exploit

EPSS 3.71%
Veröffentlicht 13.07.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 02:56:20
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token

The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nutspace ≫ Nut Mobile Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.71%	0.883

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/

Third Party Advisory

Exploit

https://www.kb.cert.org/vuls/id/402847

Third Party Advisory

US Government Resource

https://www.securityfocus.com/bid/93877

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-6548

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6548

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6548

EUVD