Vulnerability Details : CVE-2018-11242
Potential exploit
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
Products affected by CVE-2018-11242
- cpe:2.3:a:makemytrip:makemytrip:7.2.4:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-11242
4.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-11242
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2018-11242
-
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-11242
-
https://gist.github.com/NinjaXshell/ba0aeee4b77b4bdea76d0c0c095d53b1
Security advisory: Unencrypted storage of information in MakeMyTrip 7.2.4 ยท GitHubThird Party Advisory
-
https://www.exploit-db.com/exploits/44690/
MakeMyTrip 7.2.4 - Information DisclosureExploit;Third Party Advisory;VDB Entry
Jump to