Information disclosure in Diibear App - CVE-2020-35454
Published: March 18, 2021
Vulnerability identifier: #VU51570
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-35454
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Taidii Pte
Affected software:
Diibear App
Diibear App
Detailed vulnerability description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to insecure application configuration flaw. An attacker with physical access can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2020-35454
Install updates from vendor's website.