CVE-2020-4100

2020-07-1512:31:11

HCL

www.cve.org

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

“HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly.”

CNA Affected

[
  {
    "product": "\"HCL Verse for Android\"",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "\"May 2020 Release (11.0.4) of HCL Verse Mobile for Android and older versions\""
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800