Potential Vulnerability in Trusteer iOS SDK Allows for File Uploading
CVE-2022-42443

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Trusteer iOS Sdk; Trusteer Android Sdk
Vendor: CVE Published:; 17 February 2024

Summary

An undisclosed issue in the Trusteer SDK for both iOS and Android platforms introduces a vulnerability that may permit unauthorized file uploads. This problem affects mobile versions of the SDK prior to 5.7, emphasizing the need for users to upgrade to mitigate potential security risks. As threats evolve, the security of mobile applications is crucial for protecting sensitive user data.

Affected Version(s)

Trusteer Android SDK 5.7

Trusteer iOS SDK 5.7

References

https://www.ibm.com/support/pages/node/6967785

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/238535

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2024
Vulnerability Reserved
Oct 6, 2022