Contour NEXT ONE
by Ascensia
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18977 | Hig | 0.49 | 7.5 | 0.02 | May 6, 2019 | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This… | ||
| CVE-2018-18975 | Hig | 0.49 | 7.5 | 0.01 | May 6, 2019 | An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information. | ||
| CVE-2018-18979 | Hig | 0.48 | 7.4 | 0.01 | May 6, 2019 | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend… | ||
| CVE-2018-18978 | Hig | 0.48 | 7.4 | 0.01 | May 6, 2019 | An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in… | ||
| CVE-2018-18976 | Med | 0.35 | 5.3 | 0.01 | May 6, 2019 | An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values.… |
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.
- risk 0.48cvss 7.4epss 0.01
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend…
- risk 0.48cvss 7.4epss 0.01
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in…
- risk 0.35cvss 5.3epss 0.01
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values.…