Ascensia: >> Contour Diabetes >> 2.2.55 Security Vulnerabilities
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-05-06
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. (This information can be decrypted through a different vulnerability.)
CVSS Score
5.3
EPSS Score
0.002
Published
2019-05-06