7.4
CVE-2020-5523
- EPSS 0.38%
- Published 28.01.2020 06:15:12
- Last modified 21.11.2024 05:34:12
- Source vultures@jpcert.or.jp
- Teams watchlist Login
- Open Login
Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Data is provided by the National Vulnerability Database (NVD)
Ashikagabank ≫ Ashigin SwPlatformandroid Version <= 1.0.4
Hokkaidobank ≫ Dogin SwPlatformandroid Version <= 3.0.1
Hokugin ≫ Hokuriku Bank Portal SwPlatformandroid Version <= 2.0.1
Naganobank ≫ Nagagin SwPlatformandroid Version <= 1.0.1
Shikokubank ≫ Shikoku Bank SwPlatformandroid Version <= 2.0.1
Sihd-bk ≫ Ikeda Senshu Bank SwPlatformandroid Version <= 3.0.4
Tohoku-bank ≫ Tougin SwPlatformandroid Version <= 1.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.588 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.