CVE-2024-11026

CVSS 2.0 Score 2.6 of 10 (low)

Details

Published Nov 8, 2024
Updated: Nov 12, 2024
CWE ID 255
CWE ID 259

Summary

CVE-2024-11026 is a vulnerability in Intelligent Apps Freenow App 12.10.0 on Android. The issue, rated as problematic, affects the Keystore Handler component, specifically the file ch/qos/logback/core/net/ssl/SSL.java. Manipulating the DEFAULT_KEYSTORE_PASSWORD argument with the input "changeit" leads to the use of a hard-coded password. The attack can be launched remotely, but its complexity is relatively high, which makes exploitation difficult. The exploit has been disclosed to the public, which increases the potential for misuse. The vendor was contacted early about the disclosure but has not responded.
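A defender-side check for the weakness class described above (CWE-259), added here as an example and not code from the app, from logback or from the advisory: it scans Java source text, for instance decompiled app code, for password-named constants and keystore loads that use a string literal. The sample source, the path sample/SSL.java and the function name find_hardcoded_passwords are constructed for illustration.

```python
import re

# Field whose name mentions a password or secret and whose initializer is a string literal.
CONST_RE = re.compile(
    r'\b(?:String|char\s*\[\])\s+(\w*(?:PASSWORD|PASSWD|SECRET)\w*)\s*=\s*"([^"\\]*)"',
    re.IGNORECASE)
# KeyStore-style call of the form x.load(stream, "literal".toCharArray()).
LOAD_RE = re.compile(r'\.load\s*\([^;]*?"([^"\\]*)"\s*\.toCharArray\(\)')
# Default value named in the advisory text above.
WELL_KNOWN = {"changeit"}

def find_hardcoded_passwords(path, source):
    """Return one dict per finding in a single Java source text."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "/*", "*")):
            continue  # skip comment lines so documentation does not trigger hits
        for m in CONST_RE.finditer(line):
            findings.append({"path": path, "line": no, "kind": "constant",
                             "name": m.group(1), "literal": m.group(2)})
        for m in LOAD_RE.finditer(line):
            findings.append({"path": path, "line": no, "kind": "keystore-load",
                             "name": None, "literal": m.group(1)})
    for f in findings:
        f["well_known_default"] = f["literal"] in WELL_KNOWN
    return findings

# Constructed sample input, not the app's real source.
SAMPLE = '''\
// Constructed sample for this example
public interface SSL {
    String DEFAULT_KEYSTORE_TYPE = "JKS";
    String DEFAULT_KEYSTORE_PASSWORD = "changeit";
}
class Loader {
    void open(java.io.InputStream in, char[] fromUser) throws Exception {
        java.security.KeyStore ks = java.security.KeyStore.getInstance("JKS");
        ks.load(in, "changeit".toCharArray());
        ks.load(in, fromUser);
    }
}
'''

if __name__ == "__main__":
    for f in find_hardcoded_passwords("sample/SSL.java", SAMPLE):
        print(f)
```

A hit only shows that a literal is compiled into the code; whether that literal actually protects a keystore holding sensitive material still has to be confirmed by reading the call sites.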
