Jacksessions

#20533 of 53,624
12.4 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2025-33409
6.5
2025-08-14
Lotus Cars · Lotus Cars Android App · CVE-2025-50861
Name of the Vulnerable Software and Affected Versions: Lotus Cars Android App version 1.2.8
Description: The Lotus Cars Android app (com.lotus.carsdomestic.intl) version 1.2.8 contains an exported component, `PushDeepLinkActivity`, which is accessible without authentication via ADB or malicious apps. This can lead to unintended access to application internals, potentially causing denial of service or logic abuse.
Recommendations: Update to a newer version of the Lotus Cars Android App that addresses this issue.
PT-2025-33410
5.9
2025-08-14
Lotus Cars · Lotus Cars Android App · CVE-2025-50862
Name of the Vulnerable Software and Affected Versions: Lotus Cars Android app (com.lotus.carsdomestic.intl) version 1.2.8
Description: The Lotus Cars Android app allows data exfiltration via ADB backup on rooted or debug-enabled devices due to the `allowBackup=true` flag being set in its manifest. This poses a risk of user data exposure.
Recommendations: For version 1.2.8, disable or restrict the use of the application on rooted or debug-enabled devices to mitigate the risk of data exfiltration. Consider removing the `allowBackup=true` flag in a future application update.