MEDIUM🇬🇧 English

CVE-2018-3987

CVSS 5.5v3.1pub. 2020-02-13upd. 2024-11-21

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Rakuten Viber

    APP
    Rakuten
    9.3.0.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-13476CRITICAL9.8PL ✓ten sam produkt

Rakuten Viber: statyczny fingerprint TLS umożliwia identyfikację ruchu proxy

CVE-2020-14049HIGH7.5ten sam produkt

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could la...

CVE-2019-18800HIGH8.8ten sam produkt

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Vib...

CVE-2019-12569HIGH7.8ten sam produkt

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary comm...

CVE-2025-55996MEDIUM6.3ten sam produkt

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward int...