PT-2023-10334 · Viafintech · Viafintech Barzahlen Payment Module Php Sdk

Adiebler · Published 2023-01-08 · Updated 2024-05-17 · CVE-2016-15015

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: viafintech Barzahlen Payment Module PHP SDK versions up to 2.0.0

Description: A vulnerability was found in the viafintech Barzahlen Payment Module PHP SDK, affecting the verify function of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high, and the exploitability is difficult.

Recommendations: For viafintech Barzahlen Payment Module PHP SDK versions up to 2.0.0, upgrade to version 2.0.1 to address this issue. As a temporary workaround, consider disabling the verify function of the src/Webhook.php file until the patch is applied.

Fix

Side Channel Attack


Weakness Enumeration

Related Identifiers

CVE-2016-15015
GHSA-VG5X-6Q66-RVGX

Affected Products

Viafintech Barzahlen Payment Module Php Sdk