PT-2021-23824 · Unisys · Unisys Cargo Mobile Application

Published

2021-12-14

Updated

2021-12-16

CVE-2021-43388

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Unisys Cargo Mobile Application versions prior to 1.2.29

Description The issue concerns the storage of sensitive information in cleartext, which could be exposed through a backup. This is addressed by setting the allowBackup flag in the manifest to False.

Recommendations For versions prior to 1.2.29, ensure the allowBackup flag in the manifest is set to False to prevent sensitive information from being stored in cleartext and potentially revealed in a backup.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2021-43388

Affected Products

Unisys Cargo Mobile Application

PT-2021-23824 · Unisys · Unisys Cargo Mobile Application

CVE-2021-43388

Weakness Enumeration

Related Identifiers

Affected Products

References · 4