Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
myAEDES App aedes.me.beta EngageBayUtils.java information disclosure
Vulnerability Description
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
myAEDES 访问控制错误漏洞
Vulnerability Description
myAEDES是美国myAEDES公司的一个建筑与工程项目管理的平台。 myAEDES 1.18.4及之前版本存在访问控制错误漏洞,该漏洞源于对组件aedes.me.beta中文件aedes/me/beta/utils/EngageBayUtils.java的参数AUTH_KEY的操作,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A