CVE-2017-9820

{"id": "CVE-2017-9820", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-08-24T21:29:00.467", "references": [{"url": "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148925", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}, {"url": "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication."}, {"lang": "es", "value": "La aplicaci\u00f3n National Payments Corporation of India BHIM 1.3 para Android emplea un teclado personalizado para el que el elemento input est\u00e1 disponible para el servicio Accessibility, lo que facilita que los atacantes omitan la autenticaci\u00f3n."}], "lastModified": "2024-11-21T03:36:55.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:npci:bharat_interface_for_money_\\(bhim\\):1.3:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "0370FB3B-B038-403D-A5A2-9D924E5A12E2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}