Search a vulnerability

All the vulnerabilites related to InBody Japan - InBody

jvndb-2021-000084

Vulnerability from jvndb

Published

2021-09-28 14:27

Modified

2021-09-28 14:27

Severity ?

3.5 (Low) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

InBody App vulnerable to information disclosure

Details

InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial. InBody App contains a vulnerability which may lead to information disclosure (CWE-200) only when it works with InBody Dial. As a result, it may receive a measurement result from InBody Dial under specific conditions. Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN63023305/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20832
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20832
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	InBody Japan	InBody

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000084.html",
  "dc:date": "2021-09-28T14:27+09:00",
  "dcterms:issued": "2021-09-28T14:27+09:00",
  "dcterms:modified": "2021-09-28T14:27+09:00",
  "description": "InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial.\r\nInBody App contains a vulnerability which may lead to information disclosure (CWE-200) only when it works with InBody Dial. As a result, it may receive a measurement result from InBody Dial under specific conditions.\r\n\r\nDaiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000084.html",
  "sec:cpe": {
    "#text": "cpe:/a:inbody:inbody",
    "@product": "InBody",
    "@vendor": "InBody Japan",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.9",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "3.5",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000084",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN63023305/index.html",
      "@id": "JVN#63023305",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20832",
      "@id": "CVE-2021-20832",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20832",
      "@id": "CVE-2021-20832",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "InBody App vulnerable to information disclosure"
}