{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T17:59:14.782","vulnerabilities":[{"cve":{"id":"CVE-2019-5626","sourceIdentifier":"cve@rapid7.com","published":"2019-05-22T18:29:01.210","lastModified":"2024-11-21T04:45:15.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app."},{"lang":"es","value":"La aplicación móvil de Android BlueCats Reveal version anterior a 3.0.19, almacena el nombre de usuario y la contraseña en un archivo de texto sin cifrar. Este archivo persiste hasta que el usuario termina sesión o la sesión finaliza debido a la falta de uso (30 días sin actividad del usuario). Esto pudiera permitir que un atacante comprometa la implementación de la red BlueCats afectada. El atacante primero tendría que obtener el control físico del dispositivo Android o comprometerlo con una app maliciosa."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"cve@rapid7.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":2.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve@rapid7.com","type":"Secondary","description":[{"lang":"en","value":"CWE-922"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bluecats:bluecats_reveal:*:*:*:*:*:android:*:*","versionEndExcluding":"3.0.19","matchCriteriaId":"AE90C309-6EF6-42D5-9D91-A13EC50076E6"}]}]}],"references":[{"url":"https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/","source":"cve@rapid7.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://play.google.com/store/apps/details?id=com.bluecats.bcreveal","source":"cve@rapid7.com","tags":["Product"]},{"url":"https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://play.google.com/store/apps/details?id=com.bluecats.bcreveal","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}