CVE-2019-9140 HIGH

CVE-2019-9140: Happypoint mobile application information disclosure vulnerability

Vendor Spc Cloud
Product Happypoint mobile app
Weakness CWE-94 · Code injection
Published August 1, 2019
Last update September 17, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL.

Key dates

02Disclosure timeline

August 1, 2019 CVE published
September 17, 2024 Record updated