CVE-2024-38480

CVSS 4 MEDIUMEPSS 0.2%CWE-798

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

Kakao piccoma Corp. · "Piccoma" App for Android Kakao piccoma Corp. · "Piccoma" App for iOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983 https://jvn.jp/en/jp/JVN01073312/https://play.google.com/store/apps/details?id=jp.kakao.piccoma