Vulnerability Details CVE-2018-18976
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. (This information can be decrypted through a different vulnerability.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
Products affected by CVE-2018-18976
- cpe:2.3:a:ascensia:contour_diabetes:1.0.0
- cpe:2.3:a:ascensia:contour_diabetes:1.0.5
- cpe:2.3:a:ascensia:contour_diabetes:1.2.0
- cpe:2.3:a:ascensia:contour_diabetes:1.2.24
- cpe:2.3:a:ascensia:contour_diabetes:1.2.44
- cpe:2.3:a:ascensia:contour_diabetes:1.2.55
- cpe:2.3:a:ascensia:contour_diabetes:1.3.0
- cpe:2.3:a:ascensia:contour_diabetes:1.3.11
- cpe:2.3:a:ascensia:contour_diabetes:1.4.0
- cpe:2.3:a:ascensia:contour_diabetes:1.4.1
- cpe:2.3:a:ascensia:contour_diabetes:1.4.50
- cpe:2.3:a:ascensia:contour_diabetes:1.4.60
- cpe:2.3:a:ascensia:contour_diabetes:1.4.75
- cpe:2.3:a:ascensia:contour_diabetes:2.2.0
- cpe:2.3:a:ascensia:contour_diabetes:2.2.5
- cpe:2.3:a:ascensia:contour_diabetes:2.2.51
- cpe:2.3:a:ascensia:contour_diabetes:2.2.55
- cpe:2.3:a:ascensia:contour_diabetes:2.3.0
- cpe:2.3:a:ascensia:contour_diabetes:2.3.10
- cpe:2.3:a:ascensia:contour_diabetes:2.3.20
- cpe:2.3:a:ascensia:contour_diabetes:2.4.0
- cpe:2.3:a:ascensia:contour_diabetes:2.4.10
- cpe:2.3:a:ascensia:contour_diabetes:2.4.20