Lucene search

K
cvelistJpcertCVELIST:CVE-2024-23453
HistoryJan 23, 2024 - 11:12 p.m.

CVE-2024-23453

2024-01-2323:12:43
jpcert
www.cve.org
android spoon
hard-coded credentials
api key
service access

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.

CNA Affected

[
  {
    "vendor": "Spoon Radio Japan Inc.",
    "product": "Android Spoon application",
    "versions": [
      {
        "version": "version 7.11.1 to 8.6.0",
        "status": "affected"
      }
    ]
  }
]

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVELIST:CVE-2024-23453