Vulnerability Details : CVE-2017-9819
The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2017-9819
- cpe:2.3:a:npci:bharat_interface_for_money_\(bhim\):1.3:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9819
- 0.47%: Probability of exploitation activity in the next 30 days
- ~72%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9819
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-9819
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9819
- https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf
  Page not found · GitHub (Broken Link)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/148926
  National Payments Corporation of India BHIM application for Android security bypass CVE-2017-9819 Vulnerability Report (Third Party Advisory)