CVE-2020-27416

Опубликовано: 08 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.

Ссылки

https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/
Third Party Advisory
https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en&gl=US
Third Party Advisory
https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/
Third Party Advisory
https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en&gl=US
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mahadiscom:mahavitaran:*:*:*:*:*:android:*:*

Версия до 7.50 (включая)

EPSS

Процентиль: 72%

0.00726

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-613

Связанные уязвимости

GHSA-7f2f-4pm3-cv4p

github

около 4 лет назад