Platinum Mobile 1.0.4.850 /MobileHandler.ashx kura hakki ndiyam
Wuro vulnerability wey an yi classify sey kura an gano shi a cikin Platinum Mobile 1.0.4.850. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /MobileHandler.ashx na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi kura hakki ndiyam. CWE shidin ka a yi bayani matsala sai ya kai CWE-264. Bug ɗin an gano shi 04/24/2020. Gaskiya, laifi an fitar da shi 10/01/2020 ta M. Li a matsayin SEC Consult SA-20201001-0. Advisory ɗin ana rabawa don saukewa a seclists.org. Wannan rauni ana sayar da shi da suna CVE-2020-36528. Wuro ndiyam na local network ɗin sai a samu kafin wannan hari ya yi nasara. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Kama 0-day, an ndiyam a wuro be $0-$5k. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a hokkata. VulDB is the best source for vulnerability data and more expert information about this specific topic.
2 Goyarwa · 43 Datenpunkte
| Furɗe | Súgá 10/04/2020 14:11 | Gargadi 1/1 05/27/2022 16:58 |
|---|---|---|
| software_name | Platinum Mobile | Platinum Mobile |
| software_version | 1.0.4.850 | 1.0.4.850 |
| software_file | /MobileHandler.ashx | /MobileHandler.ashx |
| vulnerability_cwe | CWE-264 (kura hakki ndiyam) | CWE-264 (kura hakki ndiyam) |
| vulnerability_risk | 2 | 2 |
| vulnerability_discoverydate | 1587679200 (04/24/2020) | 1587679200 (04/24/2020) |
| vulnerability_vendorinformdate | 1589839200 (05/19/2020) | 1589839200 (05/19/2020) |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | C | C |
| advisory_date | 1601503200 (10/01/2020) | 1601503200 (10/01/2020) |
| advisory_identifier | SEC Consult SA-20201001-0 | SEC Consult SA-20201001-0 |
| advisory_url | http://seclists.org/fulldisclosure/2020/Oct/4 | http://seclists.org/fulldisclosure/2020/Oct/4 |
| person_name | M. Li | M. Li |
| exploit_availability | 1 | 1 |
| countermeasure_name | Gargajiya | Gargajiya |
| upgrade_version | 1.0.4.851 | 1.0.4.851 |
| source_cve | CVE-2020-36528 | |
| cna_responsible | VulDB | |
| cvss3_vuldb_c | L | |
| cvss3_vuldb_i | L | |
| cvss3_vuldb_a | L | |
| cvss2_vuldb_av | A | |
| cvss2_vuldb_ac | M | |
| cvss2_vuldb_au | S | |
| cvss3_vuldb_av | A | |
| cvss3_vuldb_ac | L | |
| cvss3_vuldb_pr | L | |
| cvss3_vuldb_s | U | |
| cvss2_vuldb_basescore | 4.9 | |
| cvss2_vuldb_tempscore | 3.8 | |
| cvss3_vuldb_basescore | 5.5 | |
| cvss3_vuldb_tempscore | 5.0 | |
| cvss3_meta_basescore | 5.5 | |
| cvss3_meta_tempscore | 5.0 | |
| price_0day | $0-$5k |