Information disclosure in InBody App for iOS and InBody App for Android - CVE-2021-20832

 

Information disclosure in InBody App for iOS and InBody App for Android - CVE-2021-20832

Published: September 29, 2021


Vulnerability identifier: #VU56906
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-20832
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: InBody Japan Inc
Affected software:
InBody App for iOS
InBody App for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application when InBody App works with the body composition analyzer InBody Dial. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.


How to mitigate CVE-2021-20832

Install updates from vendor's website.

Sources