Lucene search

[email protected]NVD:CVE-2022-1716

HistoryJun 02, 2022 - 6:15 p.m.

CVE-2022-1716

2022-06-0218:15:08

[email protected]

web.nvd.nist.gov

keep my notes

v1.80.147

security vulnerability

dynamic code manipulation

physical access

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

31.5%

JSON

Keep My Notes v1.80.147 allows an attacker with physical access to the victim’s device to bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.

Affected configurations

Nvd

Node

kitetechkeep_my_notesMatch1.80.147android

VendorProductVersionCPE
kitetechkeep_my_notes1.80.147cpe:2.3:a:kitetech:keep_my_notes:1.80.147:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
kitetech	keep_my_notes	1.80.147	cpe:2.3:a:kitetech:keep_my_notes:1.80.147:::::android::

References

www.kitetech.co/keepmynotes

fluidattacks.com/advisories/tyler/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

31.5%

JSON

Related for NVD:CVE-2022-1716

prion1 cvelist1 cve1