Vulnerabilities > Alivecor
|2022-10-27||CVE-2022-41627|| Missing Encryption of Sensitive Data vulnerability in Alivecor products |
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols.
| 7.6 |
|2022-10-26||CVE-2022-40703|| Improper Authentication vulnerability in Alivecor Kardia 5.17.1754993421 |
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.
| 6.1 |