CVE-2020-4099

The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:verse:*:*:*:*:*:android:*:*

History

03 Nov 2022, 17:14

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hcltech:verse::::::android::*
First Time		Hcltech verse Hcltech
CWE		CWE-326
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(CONFIRM) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861 -~~	(CONFIRM) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861 - Vendor Advisory

01 Nov 2022, 19:40

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-01 18:15

Updated : 2023-12-10 14:35

NVD link : CVE-2020-4099

Mitre link : CVE-2020-4099

CVE.ORG link : CVE-2020-4099

JSON object : View

Products Affected

hcltech

verse

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2020-4099", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2022-11-01T18:15:10.793", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}, {"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app."}, {"lang": "es", "value": "La aplicaci\u00f3n se firm\u00f3 utilizando una longitud de clave menor o igual a 1024 bits, lo que la hace potencialmente vulnerable a firmas digitales falsificadas. Un atacante podr\u00eda falsificar la misma firma digital de la aplicaci\u00f3n despu\u00e9s de modificarla maliciosamente."}], "lastModified": "2022-11-03T17:14:38.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:verse:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "A2EA89D7-E820-4C50-A282-6A3EC75278FB", "versionEndExcluding": "12.0.15"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}