PT-2022-8979 · Unknown · Platinum Mobile

M. Li

Published

2022-06-03

Updated

2022-06-14

CVE-2020-36528

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Platinum Mobile version 1.0.4.850

Description A critical issue was found, affecting the "/MobileHandler.ashx" API endpoint, which leads to broken access control. The attack requires authentication.

Recommendations For Platinum Mobile version 1.0.4.850, upgrade to version 1.0.4.851 to address this issue. It is recommended to upgrade the affected component.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-264

Related Identifiers

CVE-2020-36528

Affected Products

Platinum Mobile

PT-2022-8979 · Unknown · Platinum Mobile

CVE-2020-36528

Weakness Enumeration

Related Identifiers

Affected Products

References · 4