CVE-2021-43388

Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False.
Configurations

Configuration 1 (hide)

cpe:2.3:a:unisys:cargo_mobile:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:29

Type Values Removed Values Added
References () https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=65 - Vendor Advisory () https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=65 - Vendor Advisory

16 Dec 2021, 19:44

Type Values Removed Values Added
CWE CWE-312
CPE cpe:2.3:a:unisys:cargo_mobile:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 7.5
References (MISC) https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=65 - (MISC) https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=65 - Vendor Advisory

14 Dec 2021, 18:27

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-14 18:15

Updated : 2024-11-21 06:29


NVD link : CVE-2021-43388

Mitre link : CVE-2021-43388

CVE.ORG link : CVE-2021-43388


JSON object : View

Products Affected

unisys

  • cargo_mobile
CWE
CWE-312

Cleartext Storage of Sensitive Information