Vulnerability Details CVE-2018-18977
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of weak obfuscation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-18977
-
cpe:2.3:a:ascensia:contour_diabetes:1.0.0
-
cpe:2.3:a:ascensia:contour_diabetes:1.0.5
-
cpe:2.3:a:ascensia:contour_diabetes:1.2.0
-
cpe:2.3:a:ascensia:contour_diabetes:1.2.24
-
cpe:2.3:a:ascensia:contour_diabetes:1.2.44
-
cpe:2.3:a:ascensia:contour_diabetes:1.2.55
-
cpe:2.3:a:ascensia:contour_diabetes:1.3.0
-
cpe:2.3:a:ascensia:contour_diabetes:1.3.11
-
cpe:2.3:a:ascensia:contour_diabetes:1.4.0
-
cpe:2.3:a:ascensia:contour_diabetes:1.4.1
-
cpe:2.3:a:ascensia:contour_diabetes:1.4.50
-
cpe:2.3:a:ascensia:contour_diabetes:1.4.60
-
cpe:2.3:a:ascensia:contour_diabetes:1.4.75
-
cpe:2.3:a:ascensia:contour_diabetes:2.2.0
-
cpe:2.3:a:ascensia:contour_diabetes:2.2.5
-
cpe:2.3:a:ascensia:contour_diabetes:2.2.51
-
cpe:2.3:a:ascensia:contour_diabetes:2.3.0
-
cpe:2.3:a:ascensia:contour_diabetes:2.3.10
-
cpe:2.3:a:ascensia:contour_diabetes:2.3.20
-
cpe:2.3:a:ascensia:contour_diabetes:2.4.0
-
cpe:2.3:a:ascensia:contour_diabetes:2.4.10
-
cpe:2.3:a:ascensia:contour_diabetes:2.4.20