6.5

CVE-2019-14319

The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TiktokTiktok Version12.2.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.3.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.4.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.5.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.6.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.6.1
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.7.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.8.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.06% 0.603
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 3.3 6.5 2.9
AV:A/AC:L/Au:N/C:P/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpeg
Not Applicable
http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~noop.image
Not Applicable
https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdf
Third Party Advisory
https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en_US
Product