exploitDog

CVE-2019-20455

Опубликовано: 14 фев. 2020

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.

Ссылки

https://github.com/globalpayments/php-sdk/compare/1.3.3...2.0.0
Patch
Release Notes
Third Party Advisory
https://github.com/globalpayments/php-sdk/pull/8
Exploit
Third Party Advisory
https://github.com/globalpayments/php-sdk/releases/tag/2.0.0
Release Notes
Third Party Advisory
https://winterdragon.ca/global-payments-vulnerability/
Exploit
Patch
Third Party Advisory
URL Repurposed
https://github.com/globalpayments/php-sdk/compare/1.3.3...2.0.0
Patch
Release Notes
Third Party Advisory
https://github.com/globalpayments/php-sdk/pull/8
Exploit
Third Party Advisory
https://github.com/globalpayments/php-sdk/releases/tag/2.0.0
Release Notes
Third Party Advisory
https://winterdragon.ca/global-payments-vulnerability/
Exploit
Patch
Third Party Advisory
URL Repurposed

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:globalpayments:php_sdk:*:*:*:*:*:*:*:*

Версия до 2.0.0 (исключая)

EPSS

Процентиль: 59%

0.00376

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-pm77-c4q7-3fwj

CVSS3: 5.9

github

больше 4 лет назад

Improper Certificate Validation in Heartland & Global Payments PHP SDK

EPSS

Процентиль: 59%

0.00376

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295