CVE-2019-6024

EPSS 2.04%
Veröffentlicht 26.12.2019 16:15:12
Zuletzt bearbeitet 21.11.2024 04:45:56
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rakuten ≫ Rakuma SwPlatformandroid Version <= 7.15.0

Rakuten ≫ Rakuma SwPlatformiphone_os Version <= 7.16.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.04%	0.786

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

http://jvn.jp/en/jp/JVN41566067/index.html

Third Party Advisory

VDB Entry

https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998

Product

Release Notes

https://play.google.com/store/apps/details?id=jp.co.fablic.fril&hl=en

Product

https://nvd.nist.gov/vuln/detail/CVE-2019-6024

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6024

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6024

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-6024