Vulnerability Details : CVE-2020-36528
Potential exploit
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component.
Vulnerability category: BypassGain privilege
Products affected by CVE-2020-36528
- cpe:2.3:a:platinumchina:platinum_mobile:1.0.4.850:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36528
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-36528
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.1
|
3.4
|
VulDB | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2020-36528
-
Assigned by: cna@vuldb.com (Secondary)
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-36528
-
http://seclists.org/fulldisclosure/2020/Oct/4
Full Disclosure: SEC Consult SA-20201001-0 :: Broken Access Control in Platinum MobileExploit;Mailing List;Third Party Advisory
-
https://vuldb.com/?id.162264
CVE-2020-36528 | Platinum Mobile MobileHandler.ashx access controlThird Party Advisory;VDB Entry
Jump to