ascensia contour diabetes vulnerabilities and exploits

(subscribe to this query)

7.5

CVSSv3

An issue exists in the Ascensia Contour NEXT ONE app for iOS prior to 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.

Ascensia Contour Diabetes

5.3

CVSSv3

An issue exists in the Ascensia Contour NEXT ONE application for iOS and Android prior to 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. (This in...

Ascensia Contour Diabetes

7.5

CVSSv3

An issue exists in the Ascensia Contour NEXT ONE application for Android prior to 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs...

Ascensia Contour Diabetes

7.4

CVSSv3

An issue exists in the Ascensia Contour NEXT ONE application for Android prior to 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combinati...

Ascensia Contour Diabetes

7.4

CVSSv3

An issue exists in the Ascensia Contour NEXT ONE application for Android prior to 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This...

Ascensia Contour Diabetes

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook