CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-9821

The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/148923
https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf

Products affected by CVE-2017-9821

Npci » Bharat Interface For Money (Bhim) » Version: 1.3

cpe:2.3:a:npci:bharat_interface_for_money_(bhim):1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9821

Products

Pricing

Contact Us