CVE-2022-1716

2022-06-0217:05:42

Fluid Attacks

www.cve.org

keep my notes

password bypass

physical access

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

31.5%

JSON

Keep My Notes v1.80.147 allows an attacker with physical access to the victim’s device to bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.

CNA Affected

[
  {
    "product": "Keep My Notes",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "1.80.147"
      }
    ]
  }
]

References

www.kitetech.co/keepmynotes

fluidattacks.com/advisories/tyler/