OpenCVE

The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcltech	Verse

Configuration 1 [-]

cpe:2.3:a:hcltech:verse:*:*:*:*:*:android:*:*

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2022-11-01T17:55:10.519466Z

Updated: 2024-09-17T01:11:32.686Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4099

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-01T18:15:10.793

Modified: 2022-11-03T17:14:38.337

Link: CVE-2020-4099

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:verse:*:*:*:*:*:android:*:*", "matchCriteriaId": "A2EA89D7-E820-4C50-A282-6A3EC75278FB", "versionEndExcluding": "12.0.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app."}, {"lang": "es", "value": "La aplicaci\u00f3n se firm\u00f3 utilizando una longitud de clave menor o igual a 1024 bits, lo que la hace potencialmente vulnerable a firmas digitales falsificadas. Un atacante podr\u00eda falsificar la misma firma digital de la aplicaci\u00f3n despu\u00e9s de modificarla maliciosamente."}], "id": "CVE-2020-4099", "lastModified": "2022-11-03T17:14:38.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2022-11-01T18:15:10.793", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-326"}], "source": "psirt@hcl.com", "type": "Secondary"}]}