Lucene search

VulDBCVELIST:CVE-2020-36528

HistoryJun 03, 2022 - 2:55 p.m.

CVE-2020-36528 Platinum Mobile MobileHandler.ashx access control

2022-06-0314:55:28

CWE-264

VulDB

www.cve.org

cve-2020-36528

platinum mobile

vulnerability

access control

authentication

upgrade

CVSS3

5.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

27.9%

JSON

A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component.

CNA Affected

[
  {
    "product": "Platinum Mobile",
    "vendor": "unspecified",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.4.850"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2020/Oct/4

vuldb.com/?id.162264