PT-2024-28781 · Unknown · Com.Cascadialabs.Who
Joe Cho
·
Published
2024-08-05
·
Updated
2024-10-28
·
CVE-2024-40096
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
com.cascadialabs.who (aka Who - Caller ID, Spam Block) version 15.0
Description
The issue concerns the placement of sensitive information in the system log by the application.
Recommendations
For version 15.0, consider restricting access to system logs to minimize the risk of sensitive information exposure until a patch is available.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Com.Cascadialabs.Who