Lucene search

MitreCVE-2024-40096

HistoryAug 05, 2024 - 10:15 a.m.

CVE-2024-40096

2024-08-0510:15:33

CWE-532

mitre

web.nvd.nist.gov

android app

sensitive information

system log

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.4%

JSON

The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log.

Affected configurations

Nvd

Node

rd_labs_llcwhoMatch15.0android

VendorProductVersionCPE
rd_labs_llcwho15.0cpe:2.3:a:rd_labs_llc:who:15.0:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
rd_labs_llc	who	15.0	cpe:2.3:a:rd_labs_llc:who:15.0:::::android::

References

www.quokka.io/blog/critical-pii-exposure-in-who-caller-id-spam-block-app

www.quokka.io/critical-vulnerabilities-exploits-cve

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.4%

JSON

Related for CVE-2024-40096