CVE-2013-6986 : The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite ca

The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements.

Published 2013-12-12 17:55:04

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2013-6986

Zippyyum » Subway Ordering For California » Version: 3.4 For Iphone Os
cpe:2.3:a:zippyyum:subway_ordering_for_california:3.4:-:-:*:-:iphone_os:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-6986

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6986

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-6986

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6986

http://osvdb.org/100745
http://packetstormsecurity.com/files/124330/ZippyYum-3.4-Insecure-Data-Storage.html

ZippyYum 3.4 Insecure Data Storage ≈ Packet Storm
http://seclists.org/fulldisclosure/2013/Dec/39

Full Disclosure: [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application
http://archives.neohapsis.com/archives/bugtraq/2013-12/0040.html

Jump to

Vulnerability Details : CVE-2013-6986

Products affected by CVE-2013-6986

Exploit prediction scoring system (EPSS) score for CVE-2013-6986

CVSS scores for CVE-2013-6986

CWE ids for CVE-2013-6986

References for CVE-2013-6986