Clicky

CVE-2020-23533 – Alert Detail – Security Database

ByPR 24

Executive Summary

Informations
Name CVE-2020-23533 First vendor Publication 2021-04-06
Vendor Cve Last vendor Modification 2021-04-06

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants’ websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23533

Sources (Detail)

Alert History

If you want to see full details history, please login or register.

0

Date Informations
2021-04-06 21:23:13

Similar Posts

iPhone users must download it right now

iPhone users must download it right now

ByPR 24

Apple officially released iOS 14.7 software update last week with support for MagSafe magnetic battery pack support for iPhone 12 series. In addition to new features, system upgrades, improvements and bug fixes, the iOS 14.7 unfortunately interrupted the “Unlock with iPhone” feature. This feature mainly helped Apple Watch users for easy access to their smartwatch….

Cyber gang behind Irish health system attack also hit more than a dozen US healthcare organisations

Cyber gang behind Irish health system attack also hit more than a dozen US healthcare organisations

ByPR 24

Cyber gang behind Irish health system attack also hit more than a dozen US healthcare organisations The Federal Bureau of Investigation (FBI) said on Thursday that the Conti ransomware operatives who recently took down Irish health system have also hit the networks of at least 16 US healthcare and first response organisations in the past…

Energy giant Shell impacted in Accellion hack

Energy giant Shell impacted in Accellion hack

ByPR 24

Written by Shannon Vavra Mar 23, 2021 | CYBERSCOOP Oil and gas company Shell is the latest organization to get caught up in the hack that targeted IT provider Accellion’s file-sharing platform, the energy company says. The suspected criminal hackers behind the breach, who have gone after victims around the world using vulnerabilities in Accellion’s…

5 Agencies Using Pulse Secure VPNs Possibly Breached

5 Agencies Using Pulse Secure VPNs Possibly Breached

ByPR 24

Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Fraud Risk Management Suspicious Activity Detected; Investigation Continues Scott Ferguson (Ferguson_Writes) • April 30, 2021     The Cybersecurity and Infrastructure Security Agency is investigating whether five government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to…

Hackers might exploit bug in Amazon Kindle, company issues fix | #cybersecurity | #cyberattack | #cybersecurity | #infosecurity | #hacker | National Cyber Security

Hackers might exploit bug in Amazon Kindle, company issues fix | #cybersecurity | #cyberattack | #cybersecurity | #infosecurity | #hacker | National Cyber Security

ByPR 24

A team of cyber-security researchers has discovered security flaws in popular e-reading device Amazon Kindle that might have led hackers to take full control of a Kindle device, opening a path to stealing information stored. By tricking victims into opening a malicious e-book, a threat actor could have leveraged the flaws to target specific demographics…