SB2021031819 - Multiple vulnerabilities in Taidii Diibear App for Android

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021031819

SB2021031819 - Multiple vulnerabilities in Taidii Diibear App for Android

Published: March 18, 2021

Security Bulletin ID SB2021031819
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2020-35456)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to an excessive logging flaw. A local attacker can send a specially crafted request using logcat to obtain private chat messages and media files.


2) Information disclosure (CVE-ID: CVE-2020-35455)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to insecure data storage flaw. A local attacker can gain unauthorized access to sensitive information on the system.


3) Information disclosure (CVE-ID: CVE-2020-35454)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to insecure application configuration flaw. An attacker with physical access can gain unauthorized access to sensitive information on the system.


Remediation

Install update from vendor's website.

References