CVE-2020-4099

The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861	Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:verse:*:*:*:*:*:android:*:*

History

21 Nov 2024, 05:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 5.9
References	~~() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861 - Vendor Advisory~~	() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861 - Vendor Advisory

Information

Published : 2022-11-01 18:15

Updated : 2024-11-21 05:32

NVD link : CVE-2020-4099

Mitre link : CVE-2020-4099

CVE.ORG link : CVE-2020-4099

JSON object : View

Products Affected

hcltech

verse

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2020-4099", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-11-01T18:15:10.793", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}, {"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-326"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app."}, {"lang": "es", "value": "La aplicaci\u00f3n se firm\u00f3 utilizando una longitud de clave menor o igual a 1024 bits, lo que la hace potencialmente vulnerable a firmas digitales falsificadas. Un atacante podr\u00eda falsificar la misma firma digital de la aplicaci\u00f3n despu\u00e9s de modificarla maliciosamente."}], "lastModified": "2024-11-21T05:32:17.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:verse:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "A2EA89D7-E820-4C50-A282-6A3EC75278FB", "versionEndExcluding": "12.0.15"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}