PT-2026-29217 · Unknown · Business::Onlinepayment::Storedtransaction

Publicado

2026-03-31

Atualizado

2026-04-02

CVE-2025-15618

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Business::OnlinePayment::StoredTransaction versions through 0.01

Description The software generates a secret key using an MD5 hash of a single call to the rand function, which is not suitable for cryptographic purposes. This key is used for encrypting credit card transaction data.

Recommendations Versions prior to 0.01 should be updated.

Correção

Protection Mechanism Failure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-693CWE-338

Identificadores relacionados

CVE-2025-15618

Produtos afetados

Business::Onlinepayment::Storedtransaction

PT-2026-29217 · Unknown · Business::Onlinepayment::Storedtransaction

CVE-2025-15618

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8