CVE-2024-10748 LOW

CVE-2024-10748: Cosmote Greece What's Up App Realm Database RealmDB.java default key

Vendor Cosmote Greece

Product What's Up App

Weakness CWE-1394

Published November 4, 2024

Last update November 4, 2024

View on NVD All CVEs

CVSS base score

2.0/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument defaultRealmKey leads to use of default cryptographic key. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

November 4, 2024 CVE published

November 4, 2024 Record updated