Vulnerability Details : CVE-2010-2913
The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2010-2913
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2913
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2010-2913
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2913
-
http://securitytracker.com/id?1024249
Citi Mobile Local File Storage May Disclose Potentially Sensitive Information to Local Users - SecurityTracker
-
http://news.cnet.com/8301-27080_3-20011664-245.html
Page Not Found (404) - CNET
-
http://itunes.apple.com/us/app/citi-mobile-sm/id301724680
Citi Mobile® on the App StorePatch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/60855
Citibank Citi Mobile data information disclosure CVE-2010-2913 Vulnerability Report
Products affected by CVE-2010-2913
- cpe:2.3:a:citibank:citi_mobile:*:*:*:*:*:*:*:*