CVE-2018-12076

EPSS 0.19%
Veröffentlicht 13.12.2018 19:29:00
Zuletzt bearbeitet 21.11.2024 03:44:32
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar code present on the MarketCard. An attacker could exploit this vulnerability by generating a copy of a customer's bar code. An exploit could allow the attacker to access all funds located within the MarketCard or allow unauthenticated disclosure of information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avantimarkets ≫ Market Card

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.408

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.2	0.5	3.6	CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://sorsnce.com/2018/11/13/announcing-cve-2018-12076/

Third Party Advisory

URL Repurposed

https://nvd.nist.gov/vuln/detail/CVE-2018-12076

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12076

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12076

EUVD