CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5523

Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.6%

CVSS Severity

CVSS v3 Score 7.4

CVSS v2 Score 5.8

References

Products affected by CVE-2020-5523

77bank » 77 Bank » Version: N/A

cpe:2.3:a:77bank:77_bank:-
77bank » 77 Bank » Version: 2.0.1

cpe:2.3:a:77bank:77_bank:2.0.1
Ashikagabank » Ashigin » Version: N/A

cpe:2.3:a:ashikagabank:ashigin:-
Ashikagabank » Ashigin » Version: 1.0.4

cpe:2.3:a:ashikagabank:ashigin:1.0.4
Hokkaidobank » Dogin » Version: N/A

cpe:2.3:a:hokkaidobank:dogin:-
Hokkaidobank » Dogin » Version: 3.0.1

cpe:2.3:a:hokkaidobank:dogin:3.0.1
Hokugin » Hokuriku Bank Portal » Version: N/A

cpe:2.3:a:hokugin:hokuriku_bank_portal:-
Hokugin » Hokuriku Bank Portal » Version: 2.0.1

cpe:2.3:a:hokugin:hokuriku_bank_portal:2.0.1
Naganobank » Nagagin » Version: N/A

cpe:2.3:a:naganobank:nagagin:-
Naganobank » Nagagin » Version: 1.0.1

cpe:2.3:a:naganobank:nagagin:1.0.1
Nttdata » Mypallete » Version: N/A

cpe:2.3:a:nttdata:mypallete:-
Shikokubank » Shikoku Bank » Version: N/A

cpe:2.3:a:shikokubank:shikoku_bank:-
Shikokubank » Shikoku Bank » Version: 2.0.1

cpe:2.3:a:shikokubank:shikoku_bank:2.0.1
Sihd-Bk » Ikeda Senshu Bank » Version: N/A

cpe:2.3:a:sihd-bk:ikeda_senshu_bank:-
Sihd-Bk » Ikeda Senshu Bank » Version: 3.0.4

cpe:2.3:a:sihd-bk:ikeda_senshu_bank:3.0.4
Tohoku-Bank » Tougin » Version: N/A

cpe:2.3:a:tohoku-bank:tougin:-
Tohoku-Bank » Tougin » Version: 1.0.1

cpe:2.3:a:tohoku-bank:tougin:1.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5523

Products

Pricing

Contact Us