Information Leakage Vulnerability in Vivo Health Module
CVE-2024-13173

6.3MEDIUM

Key Information:

Vendor: Vivo
Status: Health
Vendor: CVE Published:; 8 January 2025

Summary

The health module developed by Vivo contains a vulnerability that stems from insufficient restrictions on loading URLs. This flaw could potentially lead to unauthorized access and information leakage, exposing sensitive data to potential threats. It is essential for users to assess their security configurations and apply updates or patches as needed to mitigate the risks associated with this issue.

Affected Version(s)

Health Versions below 4.1.6.33

References

https://www.vivo.com/en/support/security-advisory-detail?...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jan 8, 2025
Vulnerability Reserved
Jan 7, 2025