CVE-2020-36528

EUVD-2020-24005
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.5 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
platinumchinaplatinum_mobile
1.0.4.850
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2020/Oct/4
https://vuldb.com/?id.162264
http://seclists.org/fulldisclosure/2020/Oct/4
https://vuldb.com/?id.162264