7.4
CVE-2020-5523
- EPSS 0.38%
- Veröffentlicht 28.01.2020 06:15:12
- Zuletzt bearbeitet 21.11.2024 05:34:12
- Quelle vultures@jpcert.or.jp
- Teams Watchlist Login
- Unerledigt Login
Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ashikagabank ≫ Ashigin SwPlatformandroid Version <= 1.0.4
Hokkaidobank ≫ Dogin SwPlatformandroid Version <= 3.0.1
Hokugin ≫ Hokuriku Bank Portal SwPlatformandroid Version <= 2.0.1
Naganobank ≫ Nagagin SwPlatformandroid Version <= 1.0.1
Shikokubank ≫ Shikoku Bank SwPlatformandroid Version <= 2.0.1
Sihd-bk ≫ Ikeda Senshu Bank SwPlatformandroid Version <= 3.0.4
Tohoku-bank ≫ Tougin SwPlatformandroid Version <= 1.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.588 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.