ByteOS Network

NVD Vulnerability Details :

CVE-2019-6024

Analyzed

Source-vultures@jpcert.or.jp

Published At-26 Dec, 2019 | 16:15

Updated At-02 Jan, 2020 | 19:32

Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

rakuten>>rakuma>>Versions up to 7.15.0(inclusive)

cpe:2.3:a:rakuten:rakuma:*:*:*:*:*:android:*:*

rakuten>>rakuma>>Versions up to 7.16.4(inclusive)

cpe:2.3:a:rakuten:rakuma:*:*:*:*:*:iphone_os:*:*

Weaknesses

CWE ID	Type	Source
CWE-522	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://jvn.jp/en/jp/JVN41566067/index.html	vultures@jpcert.or.jp	Third Party Advisory VDB Entry
https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998	vultures@jpcert.or.jp	Product Release Notes
https://play.google.com/store/apps/details?id=jp.co.fablic.fril&hl=en	vultures@jpcert.or.jp	Product

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History