CVE-2024-53683 MEDIUM

CVE-2024-53683: Ossur Mobile Logic Application Exposure of Sensitive System Information to an Unauthorized Control Sphere

Vendor: Ossur
Product: Mobile Logic Application
Weakness: CWE-497
Published: January 17, 2025
Last update: January 21, 2025

CVSS base score

4.4/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use.

Key dates

02 Disclosure timeline

January 17, 2025: CVE published
January 21, 2025: Record updated