CVE-2024-53683

Summary

A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use.

Affected Software

VendorProductVersion RangeStatus
OssurMobile Logic Application0 < 1.5.5affected

Weaknesses

  • CWE-497: CWE-497

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References