CVE-2024-38480
4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kakao piccoma Corp. | “Piccoma” App for Android | prior to 6.20.0 | affected |
| Kakao piccoma Corp. | “Piccoma” App for iOS | prior to 6.20.0 | affected |
Weaknesses
- Use of Hard-coded Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://play.google.com/store/apps/details?id=jp.kakao.piccoma
- https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983
- https://jvn.jp/en/jp/JVN01073312/
References
- https://play.google.com/store/apps/details?id=jp.kakao.piccoma
- https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983
- https://jvn.jp/en/jp/JVN01073312/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.