{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-17T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/124330/ZippyYum-3.4-Insecure-Data-Storage.html"}, {"name": "20131209 [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0040.html"}, {"name": "20131206 [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2013/Dec/39"}, {"name": "100745", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100745"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6986", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/124330/ZippyYum-3.4-Insecure-Data-Storage.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/124330/ZippyYum-3.4-Insecure-Data-Storage.html"}, {"name": "20131209 [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0040.html"}, {"name": "20131206 [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Dec/39"}, {"name": "100745", "refsource": "OSVDB", "url": "http://osvdb.org/100745"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6986", "datePublished": "2013-12-12T17:00:00", "dateReserved": "2013-12-05T00:00:00", "dateUpdated": "2013-12-17T15:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zippyyum:subway_ordering_for_california:3.4:-:-:*:-:iphone_os:*:*", "matchCriteriaId": "07807358-47D8-400B-A05D-A9B3D495B4EC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements."}, {"lang": "es", "value": "La aplicaci\u00f3n ZippyYum Subway CA Kiosk para iOS utiliza almacenamiento de usuarios en texto claro, lo que permite a atacantes obtener informaci\u00f3n sensible mediante la lectura de elementos de datos, tal y como se demostr\u00f3 con elementos de contrase\u00f1a."}], "id": "CVE-2013-6986", "lastModified": "2013-12-20T04:38:56.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-12T17:55:03.640", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0040.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/100745"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/124330/ZippyYum-3.4-Insecure-Data-Storage.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2013/Dec/39"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}