CVE-2020-4099 Vulnerability Details

  /     /     /  

CVE-2020-4099 Metadata Quick Info

CVE Published: 01/11/2022 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: HCL | Vendor: HCL Software | Product: HCL Verse for Android
Status : PUBLISHED

---

CVE-2020-4099 Description

The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.

Metrics

CVSS Version: 3.1 | Base Score: 5.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-326
CWE Name: CWE-326 Inadequate Encryption Strength
Source: HCL Software

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).