PT-2012-1946 · Nimbuzz · Nimbuzz
Daoyuan Wu
+2
·
Publicado
2012-01-25
·
Atualizado
2012-01-25
·
CVE-2011-4702
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Nimbuzz versions 2.0.8 and 2.0.10
Description
The issue allows remote attackers to read or modify a contact list via a crafted application, due to improper data protection in the Nimbuzz application for Android.
Recommendations
For version 2.0.8, update to a version that properly protects data to prevent unauthorized access to the contact list.
For version 2.0.10, update to a version that properly protects data to prevent unauthorized access to the contact list.
As a temporary workaround, consider restricting access to the contact list until a patch is available.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Nimbuzz