6.5

CVE-2019-14319

The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TiktokTiktok Version12.2.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.3.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.4.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.5.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.6.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.6.1
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.7.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
TiktokTiktok Version12.8.0
   AppleiPhone OS Version-
   GoogleAndroid Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.45% 0.802
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 3.3 6.5 2.9
AV:A/AC:L/Au:N/C:P/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.