VDB-160762 · CVE-2020-36532 · GCVE-100-160762

Klapp App Authorization Credentials Bayani fitowa

Gaskiya vulnerability da aka ware a matsayin karshewa an samu a Klapp App. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil $software_file, a cikin sashen Authorization. A sa manipulation ka Bayani fitowa (Credentials). Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-200. An gano matsalar a 08/18/2020. Hakika, rauni an bayyana shi 09/07/2020 daga Sven Fassbender tare da modzero AG kamar Knapp daneben ist auch vorbei kamar Gargaaji (Webseite). An raba bayanin tsaro don saukewa a modzero.com. Vendor an kaɗi, public release an kaɗi. Wannan matsala ana saninta da CVE-2020-36532. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal faɗi ba ga. Babu exploit ɗin da ake samu. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu a wondi feere. 0-day shima, an ndiyam a wuro be $0-$5k. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a faggata. Once again VulDB remains the best source for vulnerability data.

3 Goyarwa · 54 Datenpunkte

Furɗe	Súgá 09/07/2020 13:09	Gargadi 1/2 09/07/2020 14:03	Gargadi 2/2 06/03/2022 20:36
software_vendor	Klapp	Klapp	Klapp
software_name	App	App	App
software_component	Authorization	Authorization	Authorization
vulnerability_discoverydate	1597708800 (08/18/2020)	1597708800 (08/18/2020)	1597708800 (08/18/2020)
vulnerability_vendorinformdate	1597795200 (08/19/2020)	1597795200 (08/19/2020)	1597795200 (08/19/2020)
vulnerability_risk	1	1	1
vulnerability_historic	0	0	0
cvss2_vuldb_basescore	3.5	3.5	3.5
cvss2_vuldb_tempscore	3.0	3.0	3.0
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	S	S	S
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	N	N	N
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	4.1	4.1	4.1
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1	4.1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	N	N	N
vulnerability_titleword	Credentials	Credentials	Credentials
advisory_date	1599436800 (09/07/2020)	1599436800 (09/07/2020)	1599436800 (09/07/2020)
advisory_location	Website	Website	Website
advisory_type	Advisory	Advisory	Advisory
advisory_url	https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html	https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html	https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html
advisory_identifier	Knapp daneben ist auch vorbei	Knapp daneben ist auch vorbei	Knapp daneben ist auch vorbei
advisory_coordination	1	1	1
person_name	Sven Fassbender	Sven Fassbender	Sven Fassbender
company_name	modzero AG	modzero AG	modzero AG
advisory_reaction_date	1597968000 (08/21/2020)	1597968000 (08/21/2020)	1597968000 (08/21/2020)
advisory_disputed	0	0	0
price_0day	$0-$5k	$0-$5k	$0-$5k
countermeasure_name	Gargajiya	Gargajiya	Gargajiya
countermeasure_date	1598227200 (08/24/2020)	1598227200 (08/24/2020)	1598227200 (08/24/2020)
source_seealso	160763	160763	160763
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
reaction_days	5	5	5
0day_days	6	6	6
advisory_falsepositive		0	0
vulnerability_cwe		CWE-200 (Bayani fitowa)	CWE-200 (Bayani fitowa)
source_cve			CVE-2020-36532
cna_responsible			VulDB

◂ Gurɗo Gumti Gada ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!