Lucene search

[email protected]NVD:CVE-2020-36528

HistoryJun 07, 2022 - 6:15 p.m.

CVE-2020-36528

2022-06-0718:15:10

CWE-264

CWE-287

[email protected]

web.nvd.nist.gov

vulnerability

platinum mobile

access control

authentication

upgrade

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

27.9%

JSON

A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component.

Affected configurations

Nvd

Node

platinumchinaplatinum_mobileMatch1.0.4.850

VendorProductVersionCPE
platinumchinaplatinum_mobile1.0.4.850cpe:2.3:a:platinumchina:platinum_mobile:1.0.4.850:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
platinumchina	platinum_mobile	1.0.4.850	cpe:2.3:a:platinumchina:platinum_mobile:1.0.4.850:::::::*

References

seclists.org/fulldisclosure/2020/Oct/4

vuldb.com/?id.162264

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

27.9%

JSON

Related for NVD:CVE-2020-36528

prion1 cve1 cvelist1