|
| |
| Unisys ID: |
UIS-2021-5 |
| Status: |
Published |
| CVE-ID: |
CVE-2021-43388 |
| Affected Product: |
Unisys Cargo Mobile Application |
| Affected Version: |
1.2.28 |
| Impact: |
LOW |
| CVSS v3.1 Base Score: |
3.9 |
| CVSS v3.1 Vector: |
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
v3 Calculator |
| CVSS v2.0 Base Score: |
3.9 |
| CVSS v2.0 Vector: |
AV:N/AC:H/Au:S/C:N/I:N/A:N
v2 Calculator |
| Common Weakness Enumeration (CWE):  |
CWE-312 |
| Common Platform Enumeration (CPE):  |
cpe:2.3:a:UnisysCargo:1.2.28 |
| Source: |
Internal Reported |
| Keyword(s): |
|
| Vulnerability Description: |
| Checks to determine whether the allowBackup flag within the Android Manifest is set to False. If this flag is enabled, it could allow easier access to the application files stored on the device. |
| System Configuration: |
| Android 7 and above with screen size of more than 5.5 inches. |
| Impact of Exploiting Vulnerability: |
| A backup of the data could leak private data. |
| Remediation Description: |
| Fixed in version 1.2.29. |
| Workaround Information: |
| N/A |
| References: |
| N/A |
| Additional Vendor Comment: |
| N/A |