Lucene search

MitreCVE-2019-17398

HistoryOct 15, 2019 - 9:15 p.m.

CVE-2019-17398

2019-10-1521:15:10

CWE-532

mitre

web.nvd.nist.gov

dark horse comics

android

cve-2019-17398

logcat

authentication

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.007

Percentile

79.7%

JSON

In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.

Affected configurations

Nvd

Node

darkhorsedark_horse_comicsMatch1.3.21android

VendorProductVersionCPE
darkhorsedark_horse_comics1.3.21cpe:2.3:a:darkhorse:dark_horse_comics:1.3.21:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
darkhorse	dark_horse_comics	1.3.21	cpe:2.3:a:darkhorse:dark_horse_comics:1.3.21:::::android::

References

pastebin.com/5ZDDCqgL

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.007

Percentile

79.7%

JSON

Related for CVE-2019-17398