Potential Vulnerability in Trusteer iOS SDK Allows for File Uploading
CVE-2022-42443

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Trusteer iOS Sdk; Trusteer Android Sdk
Vendor: CVE Published:; 17 February 2024

What is CVE-2022-42443?

An undisclosed issue in the Trusteer SDK for both iOS and Android platforms introduces a vulnerability that may permit unauthorized file uploads. This problem affects mobile versions of the SDK prior to 5.7, emphasizing the need for users to upgrade to mitigate potential security risks. As threats evolve, the security of mobile applications is crucial for protecting sensitive user data.

Affected Version(s)

Trusteer Android SDK 5.7

Trusteer iOS SDK 5.7

References

https://www.ibm.com/support/pages/node/6967785

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/238535

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2024
Vulnerability Reserved
Oct 6, 2022

IBM

What is CVE-2022-42443?

Affected Version(s)

References

CVSS V3.1

Timeline