CVE-2021-43388: Vulnerability Report - Unisys Cargo

Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False.

Unisys ID:

UIS-2021-5

Status:

Published

CVE-ID:

CVE-2021-43388

Affected Product:

Unisys Cargo Mobile Application

Affected Version:

1.2.28

Impact:

LOW

CVSS v3.1 Base Score:

3.9

CVSS v3.1 Vector:

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

CVSS v2.0 Base Score:

3.9

CVSS v2.0 Vector:

AV:N/AC:H/Au:S/C:N/I:N/A:N

Common Weakness Enumeration (CWE):

CWE-312

Common Platform Enumeration (CPE):

cpe:2.3:a:UnisysCargo:1.2.28

Source:

Internal Reported

Keyword(s):

Vulnerability Description:

The check determines whether the allowBackup flag in the Android manifest is set to False. If the flag is enabled, application files stored on the device could be easier to access.
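Added example (not part of the Unisys report or the application's code): one way to run this check against a manifest that has already been decoded from the APK's binary XML into text. The sample manifests and the package name `com.example.cargo` are constructed; the check also treats a missing attribute as a failure, because Android defaults allowBackup to true when it is not declared.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ALLOW_BACKUP = f"{{{ANDROID_NS}}}allowBackup"


def backup_status(manifest_xml: str) -> str:
    """Classify the allowBackup setting of a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    value = app.get(ALLOW_BACKUP)
    if value is None:
        # Attribute absent: Android treats allowBackup as true.
        return "enabled-by-default"
    value = value.strip().lower()
    if value in ("true", "false"):
        return "enabled" if value == "true" else "disabled"
    # Anything else (e.g. an @bool/ resource reference) needs a resource lookup.
    return "unresolved"


def passes_check(manifest_xml: str) -> bool:
    """The advisory's check: pass only when the flag is explicitly False."""
    return backup_status(manifest_xml) == "disabled"


# Constructed sample manifests; the package name is a placeholder.
_HEAD = f'<manifest xmlns:android="{ANDROID_NS}" package="com.example.cargo">'
SAMPLES = {
    "explicit-true": f'{_HEAD}<application android:allowBackup="true"/></manifest>',
    "attribute-missing": f'{_HEAD}<application android:label="Cargo"/></manifest>',
    "resource-ref": f'{_HEAD}<application android:allowBackup="@bool/backup"/></manifest>',
    "explicit-false": f'{_HEAD}<application android:allowBackup="false"/></manifest>',
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        verdict = "PASS" if passes_check(xml) else "FAIL"
        print(f"{name:18} {backup_status(xml):20} {verdict}")
```

A result of `unresolved` means the value is set through a resource and has to be looked up in the decoded resources before the build can be passed.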

System Configuration:

Android 7 and above with screen size of more than 5.5 inches.

Impact of Exploiting Vulnerability:

A backup of the data could leak private data.

Remediation Description:

Fixed in version 1.2.29.

Workaround Information:

N/A

References:

N/A

Additional Vendor Comment:

N/A

Disclaimer:

Unisys Corporation provides the information in this Security Vulnerability Report “AS IS.” No warranties of any nature are extended by or for the information. Unisys disclaims any financial or other responsibility that may result from your use of the information, including direct, indirect, special, or consequential damages.
