Main Vulnerability Database Vulnerabilities #VU56906

#VU56906 Information disclosure in InBody App for iOS and InBody App for Android - CVE-2021-20832

Published: September 29, 2021

Vulnerability identifier: #VU56906

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-20832

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
InBody App for iOS
InBody App for Android

Software vendor:
InBody Japan Inc

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application when InBody App works with the body composition analyzer InBody Dial. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://jvn.jp/en/jp/JVN63023305/index.html

#VU56906 Information disclosure in InBody App for iOS and InBody App for Android - CVE-2021-20832

Description

Remediation

External links

Please verify you're human