PT-2021-14276 · Inbody · Inbody App For Ios+2

Daiki Ichinose

Published

2021-10-13

Updated

2022-07-12

CVE-2021-20832

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: InBody App for iOS versions prior to 2.3.30 InBody App for Android versions prior to 2.2.90(510)

Description: The issue may lead to information disclosure when the InBody App is used with the body composition analyzer InBody Dial. This could allow an attacker who connects to the InBody Dial using the InBody App to obtain a victim's measurement results.

Recommendations: For InBody App for iOS versions prior to 2.3.30, update to version 2.3.30 or later. For InBody App for Android versions prior to 2.2.90(510), update to version 2.2.90(510) or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2021-20832

Affected Products

Inbody App For Android

Inbody App For Ios

Inbody Dial

PT-2021-14276 · Inbody · Inbody App For Ios+2

CVE-2021-20832

Weakness Enumeration

Related Identifiers

Affected Products

References · 4