CVE-2024-38480

Summary

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Kakao piccoma Corp.“Piccoma” App for Androidprior to 6.20.0affected
Kakao piccoma Corp.“Piccoma” App for iOSprior to 6.20.0affected

Weaknesses

  • Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References