CVE-2019-14808 — MEDIUM (6.8)

Vulnerability Description

An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Renpho	Renpho	3.0.0

Related Weaknesses (CWE)

CWE-319

References

http://packetstormsecurity.com/files/154772/RENPHO-3.0.0-Information-Disclosure.Third Party AdvisoryVDB Entry
https://apps.apple.com/us/app/renpho/id1219889310Product
https://renpho.com/pages/contact-usVendor Advisory
http://packetstormsecurity.com/files/154772/RENPHO-3.0.0-Information-Disclosure.Third Party AdvisoryVDB Entry
https://apps.apple.com/us/app/renpho/id1219889310Product
https://renpho.com/pages/contact-usVendor Advisory

FAQ

What is CVE-2019-14808?

CVE-2019-14808 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., ex...

How severe is CVE-2019-14808?

CVE-2019-14808 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14808?

Check the references section above for vendor advisories and patch information. Affected products include: Renpho Renpho.