CVE-2020-4100 - OpenCVE

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly."

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcltechsw	Hcl Verse

Configuration 1 [-]

cpe:2.3:a:hcltechsw:hcl_verse:11.0.4:*:*:*:*:android:*:*

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2020-07-15T12:31:11

Updated: 2024-08-04T07:52:20.938Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4100

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-15T13:15:10.287

Modified: 2020-07-22T16:08:30.047

Link: CVE-2020-4100

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "\"HCL Verse for Android\"", "vendor": "n/a", "versions": [{"status": "affected", "version": "\"May 2020 Release (11.0.4) of HCL Verse Mobile for Android and older versions\""}]}], "descriptions": [{"lang": "en", "value": "\"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly.\""}], "problemTypes": [{"descriptions": [{"description": "\"Dynamic code loading/injection\"", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-15T12:31:11", "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@hcl.com", "ID": "CVE-2020-4100", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "\"HCL Verse for Android\"", "version": {"version_data": [{"version_value": "\"May 2020 Release (11.0.4) of HCL Verse Mobile for Android and older versions\""}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "\"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "\"Dynamic code loading/injection\""}]}]}, "references": {"reference_data": [{"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800", "refsource": "MISC", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:52:20.938Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800"}]}]}, "cveMetadata": {"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "assignerShortName": "HCL", "cveId": "CVE-2020-4100", "datePublished": "2020-07-15T12:31:11", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-08-04T07:52:20.938Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltechsw:hcl_verse:11.0.4:*:*:*:*:android:*:*", "matchCriteriaId": "905DDA25-2D70-4FFE-ACFB-2C9B8808C048", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly.\""}, {"lang": "es", "value": "Se encontr\u00f3 que HCL Verse para Android emplea la carga din\u00e1mica de c\u00f3digo. Este mecanismo permite a un desarrollador especificar qu\u00e9 unos componentes de la aplicaci\u00f3n no deben ser cargados por defecto cuando la aplicaci\u00f3n es iniciada. T\u00edpicamente, los componentes b\u00e1sicos y las dependencias adicionales se cargan de forma nativa en el tiempo de ejecuci\u00f3n; sin embargo, los componentes cargados din\u00e1micamente s\u00f3lo se cargan cuando se solicitan espec\u00edficamente. Si bien esto puede tener un impacto positivo en el rendimiento u otorgar una funcionalidad adicional (por ejemplo, una funcionalidad de actualizaci\u00f3n no invasiva), tambi\u00e9n puede abrir la aplicaci\u00f3n a la carga de c\u00f3digo no deseado si no es implementado apropiadamente"}], "id": "CVE-2020-4100", "lastModified": "2020-07-22T16:08:30.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-15T13:15:10.287", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-913"}], "source": "nvd@nist.gov", "type": "Primary"}]}