Main Vulnerability Database SB2021071412

SB2021071412 - Multiple vulnerabilities in Retty App

Published: July 14, 2021

Security Bulletin ID SB2021071412

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Authorization in Handler for Custom URL Scheme (CVE-ID: CVE-2021-20747)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected app is launched by Custom URL Scheme. A remote attacker can trick a victim to access an arbitrary URL.

2) Use of hard-coded credentials (CVE-ID: CVE-2021-20748)

The vulnerability allows a local attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can analyze the data in the App and obtain the API key for external services.

Remediation

Install update from vendor's website.

SB2021071412 - Multiple vulnerabilities in Retty App

Breakdown by Severity

Description

Remediation

References

Please verify you're human