Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 04/04/2019 Updated: 10/05/2021

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms).

Vulnerable Product	Search on Vulmon	Subscribe to Product
amazon aws software development kit

CWE-312 https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-19981

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect