CVSS 3.1 Score 3.9 of 10 (low)


Published Jun 25, 2024
CWE ID 200


CVE-2024-6294 is a vulnerability that affects the udn News Android APP. When a user logs into the app, their session is stored in a logcat file. This session can be retrieved by a malicious app or an attacker with physical access to the Android device. The retrieved session can then be used to log into the news app and other services provided by udn. The vulnerability has a risk score of 5 and a base severity of low, but it poses a high confidentiality impact. The exploitability score is 0.3, and it requires high privileges to carry out the attack. The attack vector is physical, and there is no need for user interaction. To remediate this vulnerability, it is recommended to update the udn News Android APP to fix the session storage issue and ensure that sensitive information is not exposed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-6294 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions