CVE-2004-0063

{"id": "CVE-2004-0063", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-02-17T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=107411819503569&w=2", "source": "cve@mitre.org"}, {"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/3537", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9422", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=107411819503569&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/3537", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/9422", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number."}, {"lang": "es", "value": "La funci\u00f3n SPP_VerifyPW en la librer\u00eda nCipher payShield 1.3.12, 1.5.18 y 1.6.18 devuelve un valor Status_OK incluso si el HSM devuelve un c\u00f3digo de estado diferente, lo que podr\u00eda causar que aplicaciones hiciesen decisi\u00f3nes cr\u00edticas de seguridad de mandera incorrecta, por ejemplo aceptando un n\u00famero PIN no v\u00e1lido."}], "lastModified": "2024-11-20T23:47:40.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ncipher:payshield_spp_library:1.3.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B09FF87A-E7A1-43D4-AAAB-1CEE32B55EEC"}, {"criteria": "cpe:2.3:a:ncipher:payshield_spp_library:1.5.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "092628C5-FFC4-4C9F-9267-FB6FF68B6491"}, {"criteria": "cpe:2.3:a:ncipher:payshield_spp_library:1.6.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A12E833-A4AF-4417-87D5-6F3F44CE96A6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}