CVE Vulnerability

CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.youtube.com/watch?v=u5iEeLZnYVg Exploit Third Party Advisory
https://pastebin.com/WkkGk0tw Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cat_runner:_decorate_home_project:cat_runner:_decorate_home:2.8.0:*:*:*:*:android:*:*
Information

Published : 2019-07-22 05:15

Updated : 2019-07-26 02:25

NVD link : CVE-2019-13097

Mitre link : CVE-2019-13097

Products Affected
No products.
CWE
CWE-20