Lucene search

[email protected]NVD:CVE-2024-40096

HistoryAug 05, 2024 - 10:15 a.m.

CVE-2024-40096

2024-08-0510:15:33

CWE-532

[email protected]

web.nvd.nist.gov

android

app security

sensitive information

system log

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

9.4%

JSON

The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log.

Affected configurations

Nvd

Node

rd_labs_llcwhoMatch15.0android

VendorProductVersionCPE
rd_labs_llcwho15.0cpe:2.3:a:rd_labs_llc:who:15.0:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
rd_labs_llc	who	15.0	cpe:2.3:a:rd_labs_llc:who:15.0:::::android::

References

www.quokka.io/blog/critical-pii-exposure-in-who-caller-id-spam-block-app

www.quokka.io/critical-vulnerabilities-exploits-cve

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

9.4%

JSON

Related for NVD:CVE-2024-40096

cve1 cvelist1 vulnrichment1