Vulnerabilities > CVE-2018-15660 - Unspecified vulnerability in Olacabs Olamoney 1.9.0

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

olacabs

NVD

Published: 2018-08-21

Updated: 2024-11-21

Summary

An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. NOTE: the vendor does not agree that this is a security issue requiring a fix

Vulnerable Configurations

Part	Description	Count
Application	Olacabs Olacabs Olamoney 1.9.0	1

References

https://github.com/magicj3lly/appexploits/blob/master/OLA%20Money.pdf
https://github.com/magicj3lly/appexploits/blob/master/OLA%20Money.pdf