CVE-2020-5667 — MEDIUM (5.5)

Q: How severe is CVE-2020-5667?

CVE-2020-5667 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5667?

Check the references section above for vendor advisories and patch information. Affected products include: Wantedlyinc Studyplus.

Vulnerability Description

Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Wantedlyinc	Studyplus	<= 6.3.7

Related Weaknesses (CWE)

CWE-798

References

https://jvn.jp/en/jp/JVN00414047/index.htmlThird Party Advisory
https://jvn.jp/en/jp/JVN00414047/index.htmlThird Party Advisory

FAQ

What is CVE-2020-5667?

CVE-2020-5667 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external s...

How severe is CVE-2020-5667?

CVE-2020-5667 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5667?

Check the references section above for vendor advisories and patch information. Affected products include: Wantedlyinc Studyplus.