Information disclosure in Diibear App - CVE-2020-35454

 

Information disclosure in Diibear App - CVE-2020-35454

Published: March 18, 2021


Vulnerability identifier: #VU51570
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-35454
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Taidii Pte
Affected software:
Diibear App

Detailed vulnerability description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to insecure application configuration flaw. An attacker with physical access can gain unauthorized access to sensitive information on the system.


How to mitigate CVE-2020-35454

Install updates from vendor's website.

Sources