Vulnerability Description
The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tiktok | Tiktok | 12.2.0 |
| Apple | Iphone Os | - |
| Android | - |
Related Weaknesses (CWE)
References
- http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpegNot Applicable
- http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~nooNot Applicable
- https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdfThird Party Advisory
- https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en_USProduct
- http://p16.muscdn.com/img/musically-maliva-obj/1626792871331845~c5_100x100.jpegNot Applicable
- http://p16.muscdn.com/img/tos-maliva-p-0068/d9e7889f4f2d43028b41947cb0950c32~nooNot Applicable
- https://github.com/MelroyB/CVE-2019-14319/blob/master/CVE%202019-14319%20.pdfThird Party Advisory
- https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en_USProduct
FAQ
What is CVE-2019-14319?
CVE-2019-14319 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information...
How severe is CVE-2019-14319?
CVE-2019-14319 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14319?
Check the references section above for vendor advisories and patch information. Affected products include: Tiktok Tiktok, Apple Iphone Os, Google Android.