CVE-2021-32612

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://trovent.io/security-advisory-2105-01", "name": "https://trovent.io/security-advisory-2105-01", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt", "name": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second&hl=en_US&gl=US", "name": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second&hl=en_US&gl=US", "tags": ["Product"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2021/Jun/45", "name": "20210618 Trovent Security Advisory 2105-01 / CVE-2021-32612: VeryFitPro unencrypted cleartext transmission of sensitive information", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-319"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-32612", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}}, "publishedDate": "2021-06-16T12:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:i-doo:veryfitpro:3.2.8:*:*:*:*:android:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-12T16:57Z"}