CVE-2024-38480

July 1, 2024, 12:37 p.m.

None
No Score

Description

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

Product(s) Impacted

Product Versions
Piccoma App for Android
  • ['before 6.20.0']
Piccoma App for iOS
  • ['before 6.20.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983
https://jvn.jp/en/jp/JVN01073312/
https://play.google.com/store/apps/details?id=jp.kakao.piccoma

Tags

vultures@jpcert.or.jp
2024-07-01
CVE-2024-38480

Timeline

Published: July 1, 2024, 5:15 a.m.
Last Modified: July 1, 2024, 12:37 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.