CyberSec.Space Logo
Back to CVE Browser

CVE-2018-18977

HIGH
7.5
CVSS Severity Score
EPSS Score0.1720%
EPSS Percentile17.45th
PublishedMay 6, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of weak obfuscation.

Affected Platforms (CPE)

📦
Ascensia

Contour Diabetes

< 2.5.0

References & Advisories

🔗 https://depthsecurity.com/blog/medical-exploitation-you-are-now-diabetic
🔗 https://depthsecurity.com/blog/medical-exploitation-you-are-now-diabetic

Related Vulnerabilities

CVE-2018-1051110.0

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request for...

CVE-2018-100064410.0

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files...

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...

CVE-2018-100065110.0

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidenti...