CVE-2020-5523 Vulnerability Details

  /     /     /  

CVE-2020-5523 Metadata Quick Info

CVE Published: 28/01/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: jpcert | Vendor: NTT Data Corporation | Product: \'MyPallete\' and some of the Android banking applications that use \'MyPallete\'
Status : PUBLISHED

CVE-2020-5523 Description

Android App \'MyPallete\' and some of the Android banking applications based on \'MyPallete\' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Fails to verify SSL certificates
Source: NTT Data Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2020-5523 Vulnerability Details