CVE-2018-11242 — MEDIUM (6.5)

Vulnerability Description

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Makemytrip	Makemytrip	7.2.4

Related Weaknesses (CWE)

CWE-312

References

https://gist.github.com/NinjaXshell/ba0aeee4b77b4bdea76d0c0c095d53b1Third Party Advisory
https://www.exploit-db.com/exploits/44690/ExploitThird Party AdvisoryVDB Entry
https://gist.github.com/NinjaXshell/ba0aeee4b77b4bdea76d0c0c095d53b1Third Party Advisory
https://www.exploit-db.com/exploits/44690/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-11242?

CVE-2018-11242 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as dem...

How severe is CVE-2018-11242?

CVE-2018-11242 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-11242?

Check the references section above for vendor advisories and patch information. Affected products include: Makemytrip Makemytrip.