Unrated severityNVD Advisory· Published Nov 4, 2024· Updated Nov 4, 2024

Cosmote Greece What's Up App Realm Database RealmDB.java default key

CVE-2024-10748

Description

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument defaultRealmKey leads to use of default cryptographic key. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Cosmote Greece/What's Up Appv5
Range: 4.47.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vuldb.commitrethird-party-advisory
github.com/secuserx/CVE/blob/main/%5BHardcoded%20Realm%20Database%20Encryption%20Key%5D%20found%20in%20What's%20UP%20Android%20App%204.47.3%20-%20(RealmDB.java).mdmitrerelated
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000