cvelist/2019/5xxx/CVE-2019-5626.json

{
    "CVE_data_meta": {
        "ASSIGNER": "cve@rapid7.com",
        "ID": "CVE-2019-5626",
        "STATE": "PUBLIC",
        "TITLE": "BlueCats Reveal Android App Insecure Storage"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "BlueCats",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Reveal",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "before 3.0.19"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "This vulnerability was discovered by Rapid7 researcher Deral Heiland."
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.6"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-922: Insecure Storage of Sensitive Information"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/",
                "name": "https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/"
            },
            {
                "refsource": "MISC",
                "url": "https://play.google.com/store/apps/details?id=com.bluecats.bcreveal",
                "name": "https://play.google.com/store/apps/details?id=com.bluecats.bcreveal"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Users should update their BlueCats Reveal app to v3.0.19 or higher via Google Play."
        }
    ],
    "source": {
        "advisory": "R7-2018-65.1",
        "discovery": "EXTERNAL"
    }
}
- Synchronized data. 2019-01-07 15:03:33 -05:00			`{`
"-Synchronized-Data." 2019-03-17 22:28:32 +00:00			`"CVE_data_meta": {`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`"ASSIGNER": "cve@rapid7.com",`
"-Synchronized-Data." 2019-03-17 22:28:32 +00:00			`"ID": "CVE-2019-5626",`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`"STATE": "PUBLIC",`
			`"TITLE": "BlueCats Reveal Android App Insecure Storage"`
"-Synchronized-Data." 2019-03-17 22:28:32 +00:00			`},`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
"-Synchronized-Data." 2019-05-22 19:00:51 +00:00			`"vendor_name": "BlueCats",`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Reveal",`
			`"version": {`
			`"version_data": [`
			`{`
"-Synchronized-Data." 2019-05-22 19:00:51 +00:00			`"version_value": "before 3.0.19"`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`}`
			`]`
			`}`
			`}`
			`]`
"-Synchronized-Data." 2019-05-22 19:00:51 +00:00			`}`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "This vulnerability was discovered by Rapid7 researcher Deral Heiland."`
			`}`
			`],`
"-Synchronized-Data." 2019-03-17 22:28:32 +00:00			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2019-05-22 19:00:51 +00:00			`"value": "The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app."`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.6"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 2.8,`
			`"baseSeverity": "LOW",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "LOW",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
Drop ticks, flatten CWE 2019-05-22 13:30:59 -04:00			`"value": "CWE-922: Insecure Storage of Sensitive Information"`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`}`
			`]`
"-Synchronized-Data." 2019-03-17 22:28:32 +00:00			`}`
			`]`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "MISC",`
"-Synchronized-Data." 2019-05-22 19:00:51 +00:00			`"url": "https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/",`
			`"name": "https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/"`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`},`
			`{`
"-Synchronized-Data." 2019-05-22 19:00:51 +00:00			`"refsource": "MISC",`
			`"url": "https://play.google.com/store/apps/details?id=com.bluecats.bcreveal",`
			`"name": "https://play.google.com/store/apps/details?id=com.bluecats.bcreveal"`
JSON content for CVE-2019-562{5,6,7} 2019-05-21 23:26:08 -05:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Users should update their BlueCats Reveal app to v3.0.19 or higher via Google Play."`
			`}`
			`],`
			`"source": {`
			`"advisory": "R7-2018-65.1",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2019-03-17 22:28:32 +00:00			`}`
"-Synchronized-Data." 2019-05-22 19:00:51 +00:00			`}`