CVE-2019-13100
MEDIUMSend Anywhere 9.4.18 - Cleartext Storage of Sensitive Information in Device Configuration File
Title source: llmDescription
The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/shared_prefs/sendanywhere_device.xml.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://pastebin.com/Gdd0Shgr
Scores
CVSS v3
6.5
EPSS
0.0075
EPSS Percentile
50.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
send-anywhere/send_anywhere
9.4.18
Published
Jul 22, 2019
Tracked Since
Feb 18, 2026