PT-2023-12420 · Unknown · App Lounge

Nervuri

Published

2023-08-22

Updated

2023-08-29

CVE-2021-43171

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions App Lounge versions prior to 0.19q

Description The issue arises from improper verification of applications' cryptographic signatures in the App Lounge client. This allows attackers who control the application server to install malicious applications on users' systems by altering the server's API response.

Recommendations For versions prior to 0.19q, update to version 0.19q or later to resolve the issue. As a temporary workaround, consider restricting access to the App Lounge client until the update is applied.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2021-43171

Affected Products

App Lounge

PT-2023-12420 · Unknown · App Lounge

CVE-2021-43171

Weakness Enumeration

Related Identifiers

Affected Products

References · 5