jvndb-2021-000084
Vulnerability from jvndb
Published
2021-09-28 14:27
Modified
2021-09-28 14:27
Severity ?
Summary
InBody App vulnerable to information disclosure
Details
InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial.
InBody App contains a vulnerability which may lead to information disclosure (CWE-200) only when it works with InBody Dial. As a result, it may receive a measurement result from InBody Dial under specific conditions.
Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN63023305/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20832 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20832 | |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| InBody Japan | InBody |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000084.html",
"dc:date": "2021-09-28T14:27+09:00",
"dcterms:issued": "2021-09-28T14:27+09:00",
"dcterms:modified": "2021-09-28T14:27+09:00",
"description": "InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial.\r\nInBody App contains a vulnerability which may lead to information disclosure (CWE-200) only when it works with InBody Dial. As a result, it may receive a measurement result from InBody Dial under specific conditions.\r\n\r\nDaiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000084.html",
"sec:cpe": {
"#text": "cpe:/a:inbody:inbody",
"@product": "InBody",
"@vendor": "InBody Japan",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.9",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000084",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN63023305/index.html",
"@id": "JVN#63023305",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20832",
"@id": "CVE-2021-20832",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20832",
"@id": "CVE-2021-20832",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "InBody App vulnerable to information disclosure"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.