CVE-2020-35398

Опубликовано: 23 дек. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted.

Ссылки

https://cvewalkthrough.com/cve-2020-35398-uti-mutual-fund-android-application-username-enumeration/
Exploit
Third Party Advisory
https://play.google.com/store/apps/details?id=com.utimutualfunds.utimutualfund&hl=en_IN&gl=US
Product
Third Party Advisory
https://cvewalkthrough.com/cve-2020-35398-uti-mutual-fund-android-application-username-enumeration/
Exploit
Third Party Advisory
https://play.google.com/store/apps/details?id=com.utimutualfunds.utimutualfund&hl=en_IN&gl=US
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:utimf:uti_mutual_fund_invest_online:*:*:*:*:*:android:*:*

Версия до 5.4.28 (включая)

EPSS

Процентиль: 46%

0.00232

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-gmf8-m925-g3q7

github

около 4 лет назад